Yesterday, Robert McMillan provided more detail on the most recent Wyndham Hotel and Resort chain breach:
Wyndham operates over 7,114 hotels worldwide, including Ramada, Days Inn and Super 8. Just how many hotels were hit by this latest attempt was unclear, however. Until today. The company just released a statement saying that 37 hotels were hit, and that only Wyndham-branded properties were hit. That looks like the same M.O. we’ve seen in previous attacks.
Wyndham Hotels and Resorts experienced a computer security incident in late 2009. As a result of that incident, an unauthorized user may have gained access to credit card numbers and certain associated information. As soon as the incident was identified, the perpetrator’s access was quickly isolated and contained. We believe a maximum of 37 Wyndham Hotel and Resorts branded properties may have been affected for various windows of time during the period between October 25, 2009 and January 29, 2010.
Guest records of the more than 7,000 non-Wyndham Hotels and Resorts branded hotels in the Wyndham Hotel Group were not affected.
Update 2: In response to an email inquiry sent by this site, a spokesperson for Wyndham Hotels and Resorts informs DataBreaches.net that the two previous breaches were also confined to Wyndham Hotels and Resorts branded hotels and were limited to a similar number of hotels. Non-Wyndham Hotels and Resorts branded hotels in the Wyndham Hotel Group were not affected.