Cyber Incident Victim: Noble House Hotels and Resorts
Date:
Dec 2014
Location:
United States of America
Summary
A luxury hotel chain experienced a payment card breach involving malware on systems at six properties, potentially compromising cardholder names, numbers, expiration dates, and CVV data from magnetic stripes. The malware affected payment processing across multiple locations over varying periods, with the intrusion discovered following customer reports of fraudulent charges. The company notified law enforcement and offered reimbursement for documented fraudulent expenses not covered by financial institutions. While few confirmed fraud cases were initially reported, the breach posed ongoing risks of unauthorized card use.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Noble House Hotels and Resorts publicly disclosed a payment card breach impacting customers at six luxury properties following reports of fraudulent charges on customer cards. The breach was discovered on October 15, 2015, after an investigation revealed malware potentially installed on payment processing systems. The malware targeted magnetic stripe data, compromising cardholder names, card numbers, expiration dates, and CVV numbers from cards physically swiped at point-of-sale systems. Affected properties included The Portofino Hotel and Marina in Redondo Beach, California (April 3 to August 11, 2015); The Edgewater in Seattle, Washington (December 29, 2014 to August 11, 2015); Little Palm Island Resort and Spa in the Florida Keys (December 29, 2014 to May 22, 2015); Mountain Lodge Telluride in Colorado (December 29, 2014 to May 27, 2015); Ocean Key Resort and Spa in Key West, Florida (December 29, 2014 to August 6, 2015); and River Terrace Inn in Napa, California (December 29, 2014 to August 11, 2015). The earliest known compromise occurred on December 29, 2014, with activity continuing through August 11, 2015, though the notification did not clarify whether this represented a single continuous intrusion or separate incidents starting in December 2014 and April 2015.
Noble House Chairman Patrick R. Colee confirmed the company notified the FBI and directly alerted potentially impacted customers via mailed letters. The notification advised customers to monitor statements and report suspicious charges to their financial institutions. Noble House offered reimbursement for documented, unreimbursed fraudulent charges declined by financial institutions, directing affected individuals to contact a provided phone number. While the hotel group stated only a limited number of fraud cases had been reported at the time of notification, they acknowledged the possibility of additional fraudulent activity emerging as customers reviewed historical transactions. The company posted a copy of the notification on its official website, accessible via a link on the homepage, to ensure broader awareness. No specific details regarding malware removal, system remediation, or forensic methodology were disclosed in the source material.