Although Destination Hotels & Resorts never responded to my inquiry about how many guests were affected by a breach reported previously on this blog, a notification their law firm filed with the Maryland Attorney General’s Office on July 20th indicated that 1,354 residents of Maryland were also affected by the hacking incident that occurred between January 1 and June 15th. That pretty much confirms my sense that the 700 number was not a national total at all.
More significantly, though, an August 6th update provided to the state by the law firm indicates that further investigation uncovered evidence that the computer system of one of DHR’s New York properties may have been accessed as early as April 2009. The property was not named, and the only New York property currently listed on DHR’s site is the Tarrytown House Estate & Conference Center.
The updated report does not indicate how many additional guests now required notification as a result of revising the estimated date of the compromise, so don’t be surprised if there are further updates to coverage of this breach.
Update: The NYS breach logs for August 2010 reflect that the breach affected 13,342 New York State residents. Add that to the 1,354 Maryland residents and the 470 New Hampshire residents, and it seems like this breach may have been much bigger than previously reported as affecting 700.