Scam of the day – February 12, 2017 – Data breach at InterContinental Hotels

InterContinental Hotels became the latest hotel chain to disclose that it had been hacked by cybercriminals stealing credit card and debit card information, joining Kimpton Hotels, Marriot Hotels, Hyatt Hotels, Trump Hotels, Hilton, Mandarin Oriental and White Lodging which all suffered data breaches during the past year.  Trump Hotels was hacked twice in the last year.

According to a statement released by InterContinental, credit card and debit card processing equipment was infected with malware at restaurants and bars at their hotels between August and December of 2016. The full extent of the data breach has not yet been determined.  For a list of the affected restaurants, you can go to this link.

It is not known yet whether the data breach is related to the hacking by the Russian organized crime group Carbanak, that, as reported recently by Brian Krebs managed to install malware into the credit and debit card processing equipment manufactured by MICROS used in hotels around the world.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards.  Regulations effective October 1, 2015  mandated credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment.  If smart EMV chip cards had been used at the bars and restaurants at the InterContinental hotels, the card information that was stolen would have been worthless, but since they still used the old fashioned magnetic strip cards, InterContinental and its customers face financial problems from this data breach.


Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted  more than a year ago, continue to occur again and again.  As for us, as consumers, the best thing we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases.  In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.  You also should regularly monitor your credit card statements for indications of fraudulent use.


Scam of the day – February 5, 2014 – Marriott, Hilton and Starwood hotels hacked

White Lodging Services Corporation, which is a company that manages 168 hotel franchises including Marriott, Hilton and Starwood hotels in 21 states has become the latest company to disclose that its data including credit and debit card numbers of its customers has been hacked and the data is in the possession of identity thieves.  Similar to the recent hacking and data breach that occurred at the retail crafts chain, Michaels, the breach was discovered , not by the company itself, but by major banks that noticed the fraudulent use of credit cards and debit cards and were able to trace the source to a hacking of White Lodging.  Initially it appears that the hacking may have happened between March of 2013 and the end of December 2013.  Once again, this illustrates that the security measures being used by many companies to protect our sensitive data is not up to the task.  It also again reminds us that regardless of how careful you are in protecting the privacy of your personal financial data, such as credit card numbers, you are only as safe as the store or agency with the weakest security measures that hold your information.


Because of the stronger consumer protection laws in regard to fraudulent credit card use compared to the laws regarding fraudulent debit card use, you would be well advised to limiting the use of your debit card to ATMs and not for retail purchases.  Also, it is important to check your payment statements for your credit card thoroughly and regularly each month or even more often online.  If you find irregularities, regardless of how small they may be, you should report the irregularities to your credit card company and consider closing the card and getting a replacement card with a new number if your card’s security has indeed been breached.