Cyber Incident Victim: Kalahari Resorts

In late October 2015, Kalahari Resorts, based in Wisconsin Dells, Wisconsin, discovered unauthorized access to point-of-sale (POS) systems at its Ohio and Wisconsin resort locations. The breach occurred between May 18, 2015, and November 9, 2015, affecting payment terminals at specific resort outlets including restaurants, bars, retail stores, and spa facilities. An intruder installed malware designed to capture payment card data from these systems, though the front desk POS infrastructure remained uncompromised. The malware targeted customer card numbers, cardholder names, expiration dates, and verification codes processed through the impacted terminals. Kalahari officials publicly disclosed the incident on December 7, 2015, but did not specify the number of affected individuals. This marked the second payment card breach at a Wisconsin Dells resort within months, following a March-June 2015 incident at Wilderness Resort.

Upon detecting the intrusion, Kalahari immediately engaged a forensic firm to analyze its systems and contain the threat. The company removed the malware and notified the U.S. Secret Service to assist with the investigation. Kalahari spokeswoman Samantha Flynn confirmed the organization followed all notification protocols and emphasized ongoing efforts to enhance system security. The resort provided security guidance to potentially affected guests through a dedicated FAQ but did not offer complimentary credit monitoring services. Forensic analysis determined the breach was limited to specific transactional environments, with no evidence of broader network infiltration beyond the identified POS terminals.