Hutton Hotel in Nashville is notifying guests of a that first began on September 23, 2012.
In their notification, they write that after being alerted to a potential problem by their payment processor, their outside consultants determined that unknown individuals had been able to install a program on the payment processing system in September 2012.
The program could have affected payment card data—including cardholder name, payment card account number, card expiration date, and verification code—of guests who used a payment card to pay for or place hotel reservations during the period from September 19, 2012 to April 16, 2015, or who made purchases at the onsite food and beverage outlets from November 15, 2015 to June 10, 2016.
In response to the breach, Hutton Hotel says that they have implemented enhanced security measures, including the use of stand-alone payment processing devices. They also notified law enforcement, and are working closely with the payment card companies to identify potentially affected cards so that the card issuers can be made aware and initiate heightened monitoring on those accounts.