Cyber Incident Victim: Bartell Hotels

In 2014, Bartell Hotels disclosed a compromise of payment card processing systems at five San Diego properties: Best Western Plus Island Palms Hotel & Marina, The Dana on Mission Bay, Humphreys Half Moon Inn & Suites, Pacific Terrace Hotel, and Days Hotel–Hotel Circle. The breach occurred between February 16 and May 13, enabling unauthorized third-party access to customer names and credit card numbers. Bartell Hotels' internal investigation confirmed the systems were compromised by an external attacker, potentially exposing sensitive payment data. The company did not initially disclose the number of affected individuals when first notifying the public on September 3, 2014. A subsequent update from CEO Richard Bartell revised the estimated impact to 40,000–45,000 customers, with expiration dates also potentially compromised. Forensic analysis determined the breach duration spanned nearly three months across multiple hospitality venues operated by the group.

Bartell Hotels notified law enforcement agencies and major credit card brands following the breach discovery. The company stated it had addressed and remediated the root cause of the compromise while maintaining an ongoing investigation into the incident. Impacted individuals received offers for credit monitoring and identity protection services. By September 4, 2014, Bartell Hotels had initiated direct written notifications to 16,432 customers for whom mailing addresses were available, representing a confirmed subset of the total estimated victims. The organization maintained public transparency through its website's Security Compromise Notice while continuing cooperation with investigative authorities. No additional system vulnerabilities or subsequent breaches were reported following the containment measures implemented during May 2014.