How many victims? Unknown, but the breach affects a “small percentage of our WHR customers,” the company said in an open letter to customers.
What type of personal information? Cardholder names and card numbers, expiration dates and other data from the card's magnetic stripe.
Birth dates, Social Security numbers, addresses or other personally identifying information were not kept by the hotels and are not part of the compromise.
What happened? In late January, WHR discovered that a sophisticated hacker broke into the computer systems of one of its data centers. By going through the centralized network connections, the hacker was able to access and download sensitive customer information from several, but not all, of the WHR hotels.
Details: Last year, WHR suffered a separate data breach after a hacker accessed its computer systems and downloaded information from several WHR properties.
Quote: “We deeply regret that this incident occurred and are doing everything we can to notify our customers directly, to address and remedy the problem,” WHR's open letter to customers states.
What was the response? The company ensured the hack was immediately caught and stopped, and the chain retained an investigator to assess the problem and help the company improve security. In addition, each impacted property is being investigated by a firm specializing in the Payment Card Industry Data Security Standard (PCI DSS) to assess and improve compliance.
WHR is working to notify affected individuals and plans to offer them free credit monitoring services. WHR has also notified the U.S. Secret Service, as well as several states' attorneys general offices with information about the breach.
Source: Wyndham Hotels and Resorts, “Open letter to our customers,” February 2010.