DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

PA: Nemacolin Woodlands Resort reports security breach during summer (update3)

Posted on October 2, 2012 by Dissent

WTAE in Pennsylvania reports that guests who stayed at  Nemacolin Woodlands Resort between May and July may have had their credit card numbers, expiration dates, and CSC numbers exfiltrated by a POS compromise.

Read the statement from Nemacolin Woodlands Resort on WTAE.

One intriguing statement in their release was this:

A private firm investigating this security issue noted that other hospitality outlets using the same point of sale system were also victimized and that the appropriate agencies are working to identify the guilty parties.

So… did someone enable remote access with default login credentials or what? And what POS was this? I’ve reached out to the resort to request more information and will update this blog entry if I get a response.

Update: NWR kindly responded to my inquiry but says that they are not releasing any additional details at this time due to the ongoing investigation.

Update2: From what I’ve been reading, default login credentials should not be an issue if it’s a current version of the software (see also this January 2011 document).

Update3:  I contacted Micros who responded with the following statement:

While for reasons of confidentiality and security we do not comment on any specific matters, we can state definitively that MICROS sells only products that have undergone thorough security testing and analysis, and have been further validated in writing by an independent third party qualified security assessor as fully compliant with the PA-DSS security standards. All of MICROS’ validated products appear on the PCI security website, at www.PCISecurityStandards.org.

Finally, we are unaware of any “rash” of compromises. Quite to the contrary, the number of security compromises has declined significantly as more and more merchants are now implementing better security procedures, which include the deployment of only PA-DSS validated products.

So why did the team investigating the Nemacolin breach say that others using the same POS were also victimized? It would be nice to know more about what’s really going on.

Category: Breach IncidentsBusiness SectorHackID Theft

Post navigation

← UK: NHS trust sent confidential information to private firm
100+ Education hacked, thousands of accounts leaked by @TeamGhostShell →

4 thoughts on “PA: Nemacolin Woodlands Resort reports security breach during summer (update3)”

  1. Tanya M says:
    October 3, 2012 at 10:01 am

    I see that Nemicolon is saying this started in May. However, my friends, sister, and I visited Nemicolon at the end of March and it happened to us. I used my new credit card two times, once online and once at Nemicolon. When it was maxed out in Canada, I assumed it was the online transaction. Then two weeks later my sister’s debit card was maxed out in Kanas. Another party with us had a card stolen and used in Kentucky. Not only has Nemicolon not come forward with this information, or notified any guest that might be victims, but they are minimizing the time frame. This is upsetting and not what you would expect from a 5 star resort.

    1. admin says:
      October 3, 2012 at 10:06 am

      Have you contacted NWR to let them know about your experiences? Sometimes timeframes get revised as forensic investigations go on. If you think this really started earlier, I hope you let them know. And have you asked them about providing credit restoration services at their expense? Please keep us posted.

  2. Manny says:
    October 3, 2012 at 10:24 am

    Micros 9700

    1. admin says:
      October 3, 2012 at 10:38 am

      Thanks. If you don’t want to say publicly, perhaps you could email me (breaches at databreaches.net) to let me know how you know this? And if you have any other details, do let me know.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed
  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.