NASHVILLE—As CUToday.info has reported extensively, the list of hotels reporting a complimentary data breach with every guest check-in keeps getting longer.
Now another hotel is not just reporting a breach, but also says its systems were compromised for at least three years.
Hutton Hotel here, an upscale property with 247 rooms, said its payment processor is to blame for not notifying it that hackers had been able to install a program on the payment processing system at the hotel designed to capture payment card data as it was routed through the system.
In an announcement of the breach Hutton Hotel said the compromise included the names, payment card numbers, expiration dates and the verification codes for people who paid for or placed reservations with the hotel from Sept. 19, 2012, through April 16, 2015. Also affected are people who used onsite food and beverage outlets from Sept. 19, 2012, through Jan. 15, 2015, and from Aug. 12, 2015, through June 10.
Hutton Hotel said it has put in place new security measures and is now using "standalone payment processing devices" although it didn't explain how that helps. Law enforcement has been notified, and the hotel is working with payment card companies to identify those affected.
Meanwhile another hotel property, Ocean Key Resort & Spa in Key West, Fla., also reported it had been infected by POS malware from April 26 to June 8.