Cyber Incident Victim: Olympia Hotel Management

Olympia Hotel Management, responsible for operating Maine's Brunswick Hotel & Tavern, publicly disclosed a cybersecurity incident on August 25, 2015, following the discovery of malware on one of the property's front desk computer systems. Security consultants identified the malware during an investigation on August 12, 2015, determining it had potentially been active on the compromised system from November 29, 2014, through July 21, 2015. The malicious software was specifically designed to capture names and payment card details processed through the hotel's front desk operations while evading detection by standard antivirus protections. Although initial notifications did not specify the number of affected guests, subsequent updates indicated approximately 2,600 individuals were impacted. The malware's functionality suggested it could enable remote access to the harvested payment data, though investigators found no conclusive evidence that attackers successfully exfiltrated or remotely accessed the compromised information during the infection period.

Upon confirming the malware's presence, Olympia Hotel Management implemented immediate measures to eradicate the infection and enhance system security protocols to prevent recurrence. The organization began notifying all potentially affected guests by mail, advising them to review their financial statements for unauthorized transactions and offering complimentary credit monitoring services as a precaution. Public notifications described the malware as sophisticated in its ability to operate covertly within the hotel's payment processing environment. The incident timeline spanned nearly eight months before detection, with remediation efforts concluding prior to the August 25 public disclosure. No additional compromises were reported following the implementation of enhanced security controls, though the investigation remained ongoing at the time of public reporting according to statements filed with Vermont authorities.