Rosen Hotels and Resorts posted on its website that the company has completed an investigation of detected malware affecting payment card data from Sept. 2, 2014 through Feb. 18, 2016.
Rosen Hotels & Resorts Inc. (RH&R) values the relationship it has with its guests and understands the importance of protecting payment card information. RH&R received reports on Feb. 3, 2016 of unauthorized charges that occurred on payment cards after they had been used by RH&R guests during their stay. RH&R immediately initiated an investigation into these reports and hired a leading cyber security firm to examine its payment card processing system.
“Together with our cyber security firm, we have worked tirelessly to contain and address the incident. Additional, enhanced security measures have been implemented to help prevent this from happening again,” said Frank Santos, vice president and chief financial officer of Rosen Hotels & Resorts. “We regret the inconvenience and concern this news may cause our customers.”
Findings from the investigation show that an unauthorized person installed malware in RH&R’s payment card network that searched for data read from the magnetic stripe of payment cards as it was routed through the affected systems. In some instances the malware sought to gather cardholder name, card number, expiration date and internal verification code from the magnetic stripe on the card, while in other instances the data sought did not include cardholder name. No other customer information was involved. Cards used at RH&R between Sept. 2, 2014 and Feb. 18, 2016 may have been affected.
RH&R is working with payment card networks to identify the potentially affected cards so that the issuing banks can be made aware and initiate heightened monitoring on those accounts. RH&R is also supporting law enforcement’s investigation. For guests where the findings show that the payment card information involved included their name and for whom we have a mailing address or e-mail address, RH&R will be mailing them a letter or sending them an email.
RH&R recommends that guests who used a payment card during this time frame remain vigilant for signs of unauthorized charges by closely reviewing their payment card account statements. Guests should immediately report any unauthorized charges to their card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of the payment card.
RH&R has established a dedicated helpline at (855) 907-3214 for guests who have questions about this incident. The helpline is open from 8 a.m. to 8 p.m. EST, Monday to Friday. Guests may also visit www.rosenhotels.com/protectingourguests.