DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Wyndham Hotel Group hacked

Posted on January 3, 2009 by Dissent

If you stayed at a Wyndham hotel, check your mail, because you may be getting a letter from the chain telling you of a hack that occurred months ago.

In a letter to the New Hampshire Attorney General dated December 23, Wyndham Hotels and Resorts updated a notification sent to states attorney general back in early October about a breach involving their data center in Phoenix. The date of the breach and date of discovery were not indicated in the follow-up letter and the original notification to states attorney general is not currently available online.

In a letter to affected individuals, the chain writes:

As a result of unauthorized access to Wyndham systems, Wyndham has determined that your credit or debit card number, expiration date and possibly your name were compromised. Wyndham has taken numerous steps to protect your information since the discovery of this incident. In addition to terminating the unauthorized access, we revalidated our information security infrastructure to confirm that we maintain industry standard protections for customer data. In addition, we promptly notified law enforcement and each of the major payment card networks (American Express, Visa, MasterCard, and Discover). We also provided each of the payment card companies with the actual credit and debit card numbers that had been involved in the incident so that the payment card companies could take such action as they deemed appropriate to monitor the cards. We also notified the affected managed and franchised hotels so that they could take the appropriate action to ensure that their systems are properly investigated and secured.


In their notification to the states, Wyndham notes that “due to the nature of the breach, the names and addresses of the consumers were not readily available. Consequently, Wyndham contracted with a third party, Equifax, to provide a matching service for all current credit card numbers which we believe may have been compromised.”

Notification to those affected began on December 15, but because the matching process was not completed as of December 23, the company anticipated that it would still be sending out notifications “early in 2009.”

Wyndham did not indicate in its notification which hotels were affected or how many customers were affected.  In its response to an inquiry, a spokesperson reported:

We are taking every step to ensure our guests’ information is protected and at the same time give them notice to watch their accounts. This affected a small number of guests at a small number of hotels.

Claiming confidentiality, the spokesperson declined to answer any further questions. A reliable source informs us that Wyndham has also tried to prevent its breach disclosure from being made publicly available on the web in at least one state’s breach list.

The chain is offering those affected one year of Equifax Credit Watch 3-in-1 Alerts and:

In addition, for a limited time we are offering a Preferred Customer Rate discount program for our customers who may have been impacted by this incident. You will receive a 20% discount on the room rate for any hotel stays with a Wyndham brand hotel when you make your reservations on or before March 31, 2009. To take advantage of this offer via telephone, you may call 1-800-WYNDHAM and ask for the PREFERRED GUEST RATE  or ask for the rate for Corporate ID 43783670. To take advantage of the discount online, please visit www.wyndham.com. and select the property at which you want to stay.  At that point, you should enter your travel details, click on Search using Corporate, Promo and Group codes, enter Corporate ID 43783670 and then search for rates.

Category: Breach IncidentsBusiness SectorHackU.S.

Post navigation

← Pepsi employee data on missing storage device
Stolen CreditTek laptop contained data on 68,857 DJO patients →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.