From their press release:
Paradise Island, Bahamas, November 21, 2016 – Atlantis, Paradise Island (the “Resort”) today announced that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at food and beverage and retail locations at the Resort between March 9, 2016 and October 22, 2016. We have engaged professionals who have corrected the issue and customers can now safely use their credit and debit cards at the food and beverage and retail locations at the Resort. This incident did not affect credit and debit cards used to make or pay for hotel reservations or purchases made by guests who charged their food and beverage or retail purchases back to their room.
What Happened? The Resort began investigating unusual activity after receiving reports from its credit card processor. The Resort immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems. On October 21, 2016, the Resort discovered suspicious files on its computer systems that indicated a potential compromise of customers’ credit and debit card data for some credit and debit cards used at food and beverage and retail locations at the resort.
Since that time, the Resort has been working with third-party forensic investigators to determine what happened and what information was affected. The Resort has confirmed that malware may have captured data from some credit and debit cards used at food and beverage and retail locations at the Resort. The Resort has removed the malware at issue to contain this incident and implemented additional procedures in an effort to prevent any further unauthorized access to customers’ credit and debit card information. This incident did not affect credit and debit cards used to make or pay for hotel reservations or purchases made by guests who charged their food and beverage or retail purchases back to their room.
What Information Was Involved? Through the ongoing third-party forensic investigations, the Resort confirmed that malware may have captured credit and debit card data from some credit and debit cards used at food and beverage and retail locations between March 9, 2016 and October 22, 2016. The information at risk as a result of this event for credit or debit cards used at the impacted locations includes the card number, expiration date, CVV and in some instances, cardholder name. This incident did not involve customers’ Social Security numbers as this information is never collected by the Resort. This incident did not involve customers’ PIN numbers, either.
What We Are Doing. “The Resort takes the security of our customers’ information extremely seriously, and we apologize for the inconvenience this incident may have caused our customers,” Howard C. Karawan, President and Managing Director of Atlantis, Paradise Island, stated. Mr. Karawan, expanded, “We continue to work with third-party forensic investigators to ensure the security of our systems on behalf of our customers and would like to take this opportunity to remind customers to remain vigilant against fraud by reviewing their financial account statements regularly and reporting any suspicious activity.”
For More Information. The Resort has established a dedicated assistance line for individuals seeking additional information regarding this incident. Customers can call (877) 223-3689, Monday through Friday (excluding U.S. holidays), 9 a.m. to 7 p.m. EST and provide reference number 1141111816 when calling. Customers that live in a country that does not support toll free numbers in the North American Numbering Plan, please phone 1-814-201-3667, 9 a.m. to 7 p.m. EST, Monday through Friday (excluding U.S. holidays).
For the full press release, see their site.