Cyber Incident Victim: Rosen Hotels & Resorts
Date: Sep 2014
Location: United States of America
Summary
A US hotel chain experienced a malware-based breach of its payment processing systems, primarily affecting restaurant locations. Unauthorized individuals installed malicious software targeting magnetic stripe data from payment cards. In some instances it compromised cardholder names, card numbers, expiration dates, and verification codes; in others it captured card data without names. The intrusion persisted undetected for an extended period before being identified through reports of unauthorized charges on guest cards. The organization engaged cybersecurity experts, coordinated with payment networks to flag compromised accounts, and initiated notifications to affected guests with verifiable contact information while supporting law enforcement investigations. The incident reflects broader patterns of point-of-sale malware attacks within the hospitality industry.
Description
Rosen Hotels & Resorts confirmed a malware-based breach of its payment card processing systems, with unauthorized access occurring between September 2, 2014, and February 18, 2016—a period spanning nearly 18 months. The breach primarily impacted certain restaurant locations within the company's central Florida properties, though the exact number of affected sites remained unspecified. Malware installed by an unauthorized actor targeted systems processing magnetic stripe card data, capturing payment card details routed through compromised networks. Exposed information included cardholder names, card numbers, expiration dates, and internal verification codes, though in some instances the malware only harvested card numbers without associated names. No other customer information beyond payment card data was compromised. The breach remained undetected until February 3, 2016, when Rosen received unconfirmed reports of fraudulent charges on cards previously used by guests.

Rosen Hotels initiated an immediate investigation upon identifying suspicious activity, engaging a third-party cybersecurity firm to analyze its payment systems. Forensic analysis revealed the malware actively intercepted card data during transmission, focusing on magnetic stripe information. The company collaborated with payment card networks to identify potentially compromised accounts, enabling issuing banks to implement heightened monitoring. Notification efforts prioritized guests whose exposed data included both card details and names, with letters or emails sent where mailing addresses or email records existed. Rosen supported law enforcement investigations into the incident but did not disclose the total number of affected records or cards. The breach exemplified a pattern of point-of-sale malware attacks affecting multiple hotel chains during this period, including Mandarin Oriental, Trump, Hilton, Marriott, Sheraton, and Westin. Operations continued without reported disruptions as remediation efforts progressed.
