What Hotels Need to Know to Protect Against Inevitable Data Breaches
By Philip J Harvey, President, Venture Insurance Programs | February 14, 2016
Data breaches are happening at hotels with increasing frequency, from small boutique properties to some of the largest international brands. Hilton, Starwood, Mandarin Oriental, Hyatt and the Trump Collection were all prominent victims in 2015.
Hyatt discovered malware designed to steal credit card data on computers that operate payment processing systems. At Evans Hotels, back-up card readers used to encrypt payment card data were breached. The front desk system at Peppermill Resort Spa & Casino was breached, compromising guest payment card information.
In a growing trend of criminals exploiting weaknesses in point-of-sale (POS) security, hackers used a malware intrusion of Starwood's POS system to expose credit/debit card information used at retail shops, gift shops and restaurants at its W, Sheraton and Westin brands. Hackers compromised POS registers in gift shops and restaurants at a large number of Hilton hotel and franchise properties across the country. Hackers also accessed POS systems at most Mandarin Oriental properties in the U.S.
Not only are hotels susceptible to data breaches, but they also present complex risk management and insurance challenges, with systems stretching across multiple properties, brands and franchises.
Yet, despite the frequency and severity of these attacks, many hotels are not prepared for the inevitable breach. They do not have data breach response plans, solid risk management strategies or insurance to cover the costs involved when there is a breach. These costs run into the millions and include myriad expenses like computer forensic investigations, guest notifications, legal defense of potentially costly lawsuits and public relations costs to protect and restore a tarnished image.
Vulnerable, But Unprepared