Wyndham hotels hacked again

International hotel group Wyndham Hotels and Resorts (WHR) has suffered yet another serious data breach after hackers broke into its computer systems, stealing customer names and payment card information.

According to an open letter posted on the firm’s site, the luxury hotel group discovered the attack, which targeted one of its data centres, in late January.

“By going through the centralised network connections, the hacker was then able to access and download information from several, but not all, of the WHR hotels and remove payment card information of a small percentage of our WHR customers,” read the letter.

“In addition to ensuring that the hack was immediately terminated and disabled, we promptly retained a qualified investigator to assess the problem and ensure that we had isolated it, and then to help us implement the proper changes to strengthen and improve the security of our connections with each of our WHR branded properties.”

The company also moved quickly to ensure a PCI investigation firm assessing and improving the security at “each hotel property in the system”.

The firm also notified the Secret Service and several state attorneys of the incident, as well as providing the credit card companies with the numbers of all compromised cards so that they can monitor their usage.

Understandably the hotel tried to play down the significance of the breach – its third in a year.

“No criminal identity theft related to the use of the consumer data has been identified,” the letter stated.

“Importantly, we believe that it is unlikely that identity theft will occur because of the limited amount of information that was compromised. Birthdates, SSNs, addresses or other personally identifying information were not kept by the hotels and therefore not part of the compromise.”

The group has four hotels in Australia under the brand Ramada.