Shell Vacation Resorts, which owns 26 properties in nine U.S. states, Canada, and Mexico, has been investigating a security breach at some of their properties that resulted in credit card fraud for an unspecified number of their guests and employees. An FAQ on the incident indicates that the breach occurred between June 2010 and October 2010.
Several guests who stayed at the Desert Rose Resort had reported on TripAdvisor.com that they became victims of debit card or credit card fraud following their stay at the Las Vegas hotel. On October 16, a hotel manager responded to one such complaint:
“We have recently contracted with a forensic investigative specialist to assist us with investigating a potential security breach that may have occurred this summer. In the interim, we are advising all of our guests to review their debit account information/credit card statements very closely and report any suspected unauthorized card activity to the bank that issued the credit card immediately.”
The same manager also responded to another unhappy guest who posted their experience on TripAdvisor.com.
Shell Vacations subsequently posted a notice about the breach on their web site. A recent update indicates that they will be providing more details in the near future, but it sounds like a POS breach from the information provided. An inquiry requesting more details on the breach sent yesterday has not yet received a reply.