Guests staying at Wyndham Hotels in the past few months may have had their credit card details hacked into.
An open letter posted on the hotel group’s website by Kirsten Hotchkiss, senior vice president of enterprise compliance and employment counsel at Wyndham Worldwide said that it “discovered that a sophisticated hacker penetrated the computer systems of one of the Wyndham Hotels and Resorts (WHR) data centres over a three-month period”.
Guest names, card numbers and expiration dates were compromised, but Hotchkiss could not confirm the individuals whose card information may have been acquired.
She said: “By going through the centralised network connections, the hacker was able to access and download information from several, but not all, of the WHR hotels and remove payment card information of a small percentage of our WHR customers. The incident did not affect any of the other branded hotels in the Wyndham Hotel Group system.”
Wyndham said that the data was moved off-site between late October, 2009 and January 2010, when the incident was discovered.
The hotel became aware of the incident after guests reported that their cards had been stolen and used fraudulently after staying at one of the WHR hotels.
A full investigation is currently underway, expected to take more than eight weeks.
Hotchkiss added: “We deeply regret this incident occurred and we will work hard to restore your confidence in our brand.”