Cyber Incident Victim: Sentinel Hotel

Date: Jul 2016

Location: United States of America

Summary

A hotel experienced a payment card breach involving malware installed on a single front-desk terminal, compromising cardholder names, account numbers, expiration dates, and verification codes. The unauthorized program operated for nearly three months before detection, affecting guests who physically used cards at the compromised terminal but excluding online transactions. The establishment engaged a security firm to investigate, disabled the malicious software, and implemented enhanced protective measures. Law enforcement was notified, and impacted individuals with available contact information received direct notifications. Customer support channels were established to address concerns regarding the incident.

Description

Sentinel Hotel publicly disclosed a payment card security incident on November 4, 2016, following an investigation triggered by guest reports of unauthorized charges. The hotel began the investigation after learning that multiple guests had experienced fraudulent transactions after using payment cards at the property's front desk. On October 5, 2016, forensic experts hired by Sentinel determined that malicious software had been installed on a single front-desk payment terminal. This unauthorized program operated between July 12, 2016, and October 3, 2016, capturing payment card details including cardholder names, account numbers, expiration dates, and verification codes as guests entered information at the compromised terminal. The malware specifically targeted transactions processed through this physical terminal, so payment cards used on the hotel's website were not affected by the breach.

Upon confirming the compromise, Sentinel Hotel immediately disabled the affected terminal and stopped the malware from running. The organization continued to work with cybersecurity professionals to strengthen system protections and prevent recurrence. Law enforcement agencies were notified and provided with investigation support. Sentinel ran a notification campaign, using available contact information to alert guests who used the compromised terminal during the 84-day exposure window. Impacted individuals received either physical letters or electronic communications describing the details of the breach. The hotel established a dedicated call center and informational webpage to address guest inquiries and expressed regret for the resulting inconvenience. No evidence suggested continued data collection after October 3 or expansion beyond the single terminal.
