DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

TN: Manchester Hotel Hospitality first notifies customers of breach IHG knew about months ago

Posted on June 27, 2015 by Dissent

On May 7, this site reported:

It seems Six Continents Hotels (InterContinental Hotel Groups) was notified earlier this year by the Secret Service that some of its hotels had suffered a data security breach. One of the hotels IHG subsequently notified was Cities Service (Holiday Inn Express & Suites in Sulphur, Louisiana). IHG alerted them on February 11, 2015.

At the time, I wondered when/if we’d see other notifications.

On June 23, counsel for Manchester Hotel Hospitality notified the New Hampshire Attorney General’s Office that they, too, had been impacted by the breach, and they weren’t too happy about IHG’s handling of their part.

According to their letter, although MHH was contacted by IHG on February 11, and IHG arranged for a forensic examination of their system with Dell SecureWorks, IHG did not provide MHH with Dell SecureWork’s report until April 29, 2015. Until then, MHH did not know for sure whether there had been any compromise involving their location.

As with the Holiday Inn Express & Suites, MHH learned that a workstation had been compromised by an email attachment, with the date of exposure being October 13, 2014 until February 13, 2015. A total of 999 MHH customers were affected by the breach nationwide.

Adding to their notification delays, MHH reported that the Dell SecureWork’s report delivered to them on April 29th appeared to be incomplete and contained invalid credit card numbers. After further investigation, MHH received a revised data set from Dell SecureWorks on June 8, 2015. Given the small number of staff at the Manchester, Tennessee hotel, it took time for MHH staff to work through their records to locate customers’ addresses for notification purposes.

Those affected were notified by letter on or about June 23, 2015, and were offered fraud assistance services with IDT911. The company reports it had no evidence of misuse of any customer payment card data. The breach did not appear to involve CVV codes, but did involve names, card numbers, and card expiration dates.

In response to the breach, MHH updated its firewalls, employee procedures, and security software in line with Dell SecureWorks’ and PCI DSS recommendations, and reimaged the affected workstation.

But one of the bottom lines is that IHG notified hotels on or about February 11, and affected hotel guests did not get notified until this past week in at least one case. And given today’s standards and consumer expectations, that’s way too long a delay in notification.

Related posts:

  • InterContinental Hotels Group (IHG) Notifies Guests of Payment Card Incident at IHG-Branded Franchise Hotel Locations in the Americas Region
  • Dell notifies customers of breach; seller “Menelik” is ShinyHunters (2)
  • InterContinental Hotel Groups alerted by Secret Service to breach
  • FTC Files Complaint Against Wyndham Hotels For Failure to Protect Consumers’ Personal Information
Category: Business SectorMalwareU.S.

Post navigation

← MD: Meritus contacting patients after ‘privacy incident’
Courts Restrict Ability of Customers and Employees to Sue Companies Following a Data Breach, But Risks of Other Liabilities Remain →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.