DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Rosen Hotels & Resorts notifies guests of payment card breach that began in 2014

Posted on March 4, 2016 by Dissent

Having to disclose a breach to your customers…. and a breach that began in 2014 and continued until recently… is not a task I’d relish. Here’s the notice from Rosen Hotels & Resorts, who have seven properties in the Orlando area:

March 4, 2016

California residents please click here

Rosen Hotels & Resorts Inc. (RH&R) values the relationship we have with our guests and understands the importance of protecting payment card information. We are writing to inform you about an incident that may involve some of that information.

We received unconfirmed reports on February 3, 2016 of a pattern of unauthorized charges occurring on payment cards after they had been used by some of our guests during their stay. We immediately initiated an investigation into these reports and hired a leading cyber security firm to examine our payment card processing system. Findings from the investigation show that an unauthorized person installed malware in RH&R’s payment card network that searched for data read from the magnetic stripe of payment cards as it was routed through the affected systems. In some instances the malware identified payment card data that included cardholder name, card number, expiration date, and internal verification code. In other instances the malware only found payment card data that did not include cardholder name. No other customer information was involved. Cards used at RH&R between September 2, 2014 and February 18, 2016 may have been affected.

We are working with the payment card networks to identify the potentially affected cards so that the banks that issued them can be made aware and initiate heightened monitoring on those accounts. For guests where the findings show that the payment card information involved included their name and for whom we have a mailing address or e-mail address, we will be mailing them a letter or sending them an e-mail. We are also supporting law enforcement’s investigation.

If you used a payment card at RH&R during this time frame, we recommend that you remain vigilant for signs of unauthorized charges by closely reviewing your payment card account statements. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of your payment card. Please see the section that follows this notice for additional steps you may take to protect your information.

Additionally, we have established a dedicated helpline – (855) 907-3214 – if you have questions about this incident. The call center is open from 8 a.m. to 8 p.m. EST, Monday to Friday. Together with our third party cyber security expert, we have worked tirelessly to contain and address the incident. Additional, enhanced security measures have been implemented to help prevent this from happening again. RH&R regrets any inconvenience or concern this may have caused.

For the full notification, see their site.

No related posts.

Category: Business SectorMalwareU.S.

Post navigation

← CA: Medical records found dumped on Paradise Hills sidewalk
Sensitive details of police operations posted on City of West Palm Beach’s site in redaction #FAIL →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.