Cyber Incident Victim: Brunswick Hotel & Tavern

Malware was discovered on a front desk computer system at the Brunswick Hotel & Tavern, a Maine-based property managed by Olympia Hotel Management, on August 12, 2015. Security consultants investigating the incident determined the malware may have been active on the system between November 29, 2014, and July 21, 2015. The malicious software was designed to capture names and payment card information from guests during transactions while evading detection by standard anti-virus programs. Investigators characterized the malware as sophisticated due to its ability to avoid security measures and permit potential remote access to the harvested data. No conclusive evidence was found to confirm whether attackers successfully exfiltrated the payment card data or personally identifiable information from the compromised system. The hotel began notifying an undisclosed number of potentially affected guests on August 25, 2015, through individual letters that described the nature of the security incident.

Olympia Hotel Management implemented measures to eliminate the malware infection and enhance the security of the hotel's computer systems following the discovery. The company offered complimentary credit monitoring services to all individuals whose information may have been exposed during the eight-month period of potential vulnerability. Updated reports indicated approximately 2,600 guests were impacted by the data security incident at the Brunswick Hotel & Tavern. The notification letters emphasized that while payment card details and names were at risk, investigators could not confirm actual unauthorized access or misuse of the information. The hotel management worked with cybersecurity consultants to address the breach and prevent similar incidents through improved system safeguards and monitoring protocols.