A hotel chain’s malware infection has compromised their visitors’ credit and debit cards. If you visited a Rosen Hotels & Resorts location between September 2, 2014 and February 18, 2016 you card information may have been exposed to cybercriminals. The company owns and operates seven hotels in Florida near many of Orlando’s famous theme parks. The malware installed in their payment card system recorded data from the magnetic stripes of credit and debit cards and captured the cardholder name, expiration date and verification code of some cards.

The company received reports on February 3rd, 2016 about a “pattern of unauthorized charges” on the payment cards of their previous guests. They initiated an investigation and found that an unauthorized person had installed malware into the Rosen Hotels & Resorts payment card network used by all seven hotels in the chain. The company notes that not all credit card information was exposed for each customer, with the malware identifying only parts of data like the card number but not the cardholder name, making fraud less likely in those cases.

Still, all visitors to the hotel chain who visited in the identified time frame are urged to be vigilant with regards to their credit card bills as well as other potential avenues of identity theft. As pointed out by Graham Cluley, “Rosen Hotels says that it will be contacting affected customers when they can ascertain the victim’s email or mailing address. But chances are that there are many people who visited the hotel and made card purchases without sharing their address or email details at the same time.” 

The breach went undetected for almost a year and a half so its scale and impact will not be fully appreciated for some time. The Rosen Hotel and Resort properties have over 6,300 rooms near many of Orlando’s famous theme parks. The company was quick to act in identifying and mitigating the breach and seems to be making a strong effort to offer assistance to past customers. They have established a dedicated helpline for past visitors to receive assistance. If you think you may be affected call (855) 907-3214. The phone line is active from 8 a.m. to 8 p.m. EST, Monday to Friday.