Omni Hotels Hit by POS Malware
Omni Hotels & Resorts notified customers last week that hackers accessed the chain’s POS systems and installed malware that enabled them to access payment card information. In an alert posted on its Website, Omni said it discovered the attacks on May 30, 2016, and that the malware may have operated between Dec. 23, 2015, and June 14, 2016—although most of the systems were affected during a shorter time frame, the company said.
Forty nine of Omni’s 60 North American hotels were affected, according to a report by the Wall Street Journal. The malware was designed to collect payment card data, including cardholder names, credit/debit card numbers, security codes and expiration dates. However, Omni said it had “no indication” that its reservation or guest membership systems were affected. “Accordingly, if you did not physically present your payment card at a point of sale system at one of the affected Omni locations, we do not believe your payment card was affected,” the notice said.
More than 50,000 payment card numbers related to the breach have been sold on criminal online forums by a single hacker, the WSJ reported, citing a cybersecurity expert. The malicious software likely was installed on POS systems in Omni properties’ restaurants and bars—a technique that was used on previous attacks against other hotel chains—the expert suggested.
Data breaches have become one of the most vexing cybersecurity challenges, with more than 700 million consumer records exposed to fraudsters in 2015, according to Gemalto. Data obtained in such breaches often are used for account takeover and new account fraud—which are expected to increase by 60 percent in the next three years, resulting in a loss of some $8 billion, according to Javelin Strategy & Research.