DALLAS–Omni Hotels & Resorts has become the latest to issue a warning that it has been breached.
The company is reporting that hackers infiltrated its networks and for six months used point-of-sale malware to steal payment card data.
In a notice posted on the company’s website, Omni Hotels said it first learned of the data breach on May 30, and related malware infections began at some properties on Dec. 23, 2015, and lasted up to June 14.
Omni Hotels & Resorts operates 46 properties in the United States, plus two each in Canada and Mexico. The data breach notification provides no details on how many of its properties were hit or how many customers had payment card details compromised by attackers.
"The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date," Omni said in the statement announcing its breach. "Upon learning of the intrusion, we promptly engaged leading IT investigation and security firms approved by the major credit card companies to determine the facts and contain the intrusion. The issue has been resolved, and we have taken steps to further strengthen our systems. We have contacted law enforcement and are cooperating with its investigation."
One analyst told The Wall Street Journal the activity was first spotted in February after a hacker called JokerStash began selling more than 50,000 payment cards stolen from Omni Hotels on underground forums.
Based on the investigation to date, Omni says the hack attack only appeared to lead to POS malware infections and apparently did not touch any other systems housing customers' personally identifiable information or payment card data.
"Accordingly, if you did not physically present your payment card at a point-of-sale system at one of the affected Omni locations, we do not believe your payment card was affected," the company said in its statement.
Omni Hotels is offering potentially affected customers prepaid identity theft cleanup assistance until July 8, 2017 from AllClear ID.