Payment Card Data Breach Confirmed by Kimpton Hotels & Restaurants
“Kimpton Hotels & Restaurants received a report on July 15, 2016 of unauthorized charges occurring on payment cards after they had been used by guests at the restaurant in one of our hotels. We immediately began to investigate the report and hired leading cyber security firms to examine our payment card processing system. Findings from the investigation show that malware was installed on servers that processed payment cards used at the restaurants and front desks of some of our hotels. The malware searched for track data read from the magnetic stripe of a payment card as it was being routed through the affected server. The malware primarily found track data that contained the card number, expiration date, and internal verification code, but in a small number of instances it may have found the track that also contains the cardholder name.”
The issue has reportedly been resolved — along with the promise that existing security measures will be strengthened further to attempt to prevent an incident similar to this from occurring again — but the cause and extent of this incident are still unknown at this time. “We notified law enforcement and are also working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring on the affected cards.”
Kimpton is Not the First Lodging Company to Experience a Security Breach
This incident is not the first involving a breach of sensitive customer information at the points of sale at the properties of lodging companies. In fact, security breaches have happened numerous times in recent years and have affected virtually every lodging company.
Either way, I wonder if companies would be more vigilant if they would compensate customers every time their accounts were breached or their sensitive information stolen. If the answer is that they would go broke if that happened, that only further convinces me of the gravity of this technology problem and that better security measures need to be put in place.
These past articles written by me seem to illustrate how serious this problem of protecting sensitive data from being breached is — and it seems that no company is immune:
What You Can Do to Mitigate Fraud as a Result of a Security Breach
Unfortunately — in this digitally connected world — there is no sure-fire way to completely insulate yourself from security breaches and possible fraudulent activity using your sensitive information; but you can take measures to at least mitigate the possibility.
Most important is to remain as aware of your financial activity as possible. Review your payment card statements for any unauthorized activity — and if you do find anything questionable about which you are unsure, report it to the issuer of your payment card. No harm is typically done to anyone if the activity proves to be valid — the worst that could happen is that payment is delayed to the merchant — but if the activity proves to be fraudulent, you have given early and timely notice in preventing it from happening further; and you usually are not liable for any damages beyond $50.00 at most.
Similarly, review activity on your credit report as well. You may obtain a complimentary copy of your credit report once every 12 months — as well as place a security freeze on your credit report if necessary — from each of the three nationwide credit reporting companies:
Equifax PO Box 740241, Atlanta, Georgia 30374, 1-800-685-1111
Experian PO Box 2002, Allen, Texas 75013, 1-888-397-3742
TransUnion PO Box 2000, Chester, Pennsylvania 19016, 1-800-916-8800
If you believe you are the victim of identity theft — or have reason to believe your personal information has been misused — you should immediately contact the Federal Trade Commission or the office of the attorney general in the state where you reside. You can obtain information from these sources about steps you can take to avoid identity theft — as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:
Federal Trade Commission
Consumer Response Center
600 Pennsylvania Avenue, NW
Washington, D.C. 20580
1-877-IDTHEFT or 1-877-438-4338 www.ftc.gov/idtheft
Closely scrutinize and review the account statements of the credit card which you used for payment; and if you detect any unauthorized charges, immediately report them to the financial institution which issued your card. Timely reporting of any nefarious activity with your card usually will ensure that you are not responsible for unauthorized charges and therefore will not be required to pay them.
To help reduce the chances of your frequent travel loyalty program account becoming compromised, consider following these steps:
Do not use your e-mail address as your user name or identification to log into different Internet web sites
Use a complex password and regularly update it
Use different credentials — passwords and user names, as two examples — to log in for each of your accounts in different frequent travel loyalty programs
Always check your account regularly
Promptly report any potential suspicious activity
Anyone can say with absolute confidence that this will not be the last time the sensitive data of people or companies will be breached in some way; so being vigilant about protecting your information is of paramount importance — and constant and consistently acute awareness is key to that vigilance.
Again, the recovery process from the results of fraudulent activity can be quite arduous and time-consuming; so preventative measures in protecting your sensitive information from being accessed — or, at least, mitigating any further damaging activity from occurring — are preferable.
In the meantime, the team at Kimpton Hotels & Restaurants regrets any inconvenience this incident may have caused. Please call 888-339-3142 Monday through Friday between the hours of 9:00 in the morning and 8:00 in the evening Eastern time if you have questions.