Scam of the day – July 13, 2017 – Trump Hotels hit with data breach

For the third time in three years, Trump Hotels have been victimized by a major data breach, however, this time the data breach was of Sabre Hospitality Solutions, a reservation booking service used by Trump Hotels. The data breach which occurred between August 2016 and March 2017 affected fourteen Trump hotels.  Compromised information included guest names, addresses, phone numbers, credit card numbers and credit card expiration dates.  If you stayed at a Trump Hotel during the time of the data breach, you should use this link provided by Trump Hotels to determine if your hotel was one of the compromised hotels.

https://www.trumphotels.com/uploads/14111/0/trump-sabre-notice-website-letter.pdf

TIPS

If you were affected directly by this data breach, your credit card may be used for fraudulent purposes so you should monitor your credit card statements regularly and often.  This is also a good time to remind you that the laws that protect you from liability for fraudulent credit card use are much stronger than the laws that protect you if your debit card is fraudulently used.  You should not use your debit card for anything other than an ATM card.

Scam of the day – July 15, 2016 – Omni Hotels data breach

Omni Hotels and Resorts just became the latest hotel chain to suffered a massive data breach joining Hyatt, Hotels, Starwood Hotels, Hilton Hotels and Trump Hotels who all suffered similar data breaches in the last year in which credit card and debit card information of their customers was stolen by unknown hackers.  Although the data breach at Omni was just recently discovered, it goes back to December 23, 2015 and was stealing credit card and debit card data from Omni Hotels up until June 14, 2016.  The Omni data breach affected forty-eight of Omni’s sixty hotels in North America.  As often is the case, hackers who steal the credit and debit card data sell it in large batches to other cybercriminals on a part of the Internet called the Dark Web.    The first batches of stolen credit cards and debit card information started turning up on the Dark Web in February of 2016.  The hotel industry continues to be an easy target for hackers as it is an industry that services large numbers of people and often the hotels are individually operated franchises rather than operating under a central data security system.  It should be noted, however, that Omni does not operate franchises.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards.  Regulations effective October 1, 2015  mandated credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment.  If smart EMV chip cards had been used at Omni hotels, the card information that was stolen would have been worthless, but since they still used the old fashioned magnetic strip cards, Omni and its customers face financial problems from this data breach.

TIPS

Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted  more than a year ago, continue to occur again and again.  As for us, as consumers, the best we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases.  In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.  You also should regularly monitor your credit card statements for indications of fraudulent use.

Certainly if you have been an Omni customer since December 23, 2015 you should carefully review your credit and debit card statements for indications of identity theft and fraudulent charges.  If you were affected by this particular data breach, Omni  is offering free credit monitoring services for a year through AllClear ID.  You can sign up for these services by clicking on this link  https://omnihotels.allclearid.com/

Scam of the day – January 29, 2016 – Wendy’s suffers apparent data breach

Fast food hamburger chain Wendy’s announced that it had discovered “reports of unusual activity involving payment cards” at some of its restaurants and is presently investigating the matter in order to determine the full extent of the apparent data breach and where it occurred.    This story was first reported by Krebs on Security.  Wendy’s operates 5,600 company owned and franchised restaurants around the world although initial reports do not tend to indicate that the apparent data breach affected all stores.  As is so often the case, the apparent data breach was first discovered not by Wendy’s itself, but by credit card processing banks noticing a pattern of fraudulent use of credit and debit cards that could be traced back to Wendy’s restaurants.  In fact, at this time, the incident appears to follow the pattern that I described in a column I wrote for USA Today in September of 2014.  http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/

Wendy’s still uses the old fashioned magnetic strip credit cards which are much easier targets for hackers than the EMV chip cards which have been required to be used by companies since October of 2015.  The rules requiring companies to switch to the new smart cards carry no specific penalty, but in the event of a data breach can result in the company not using the EMV chip cards to be responsible for the costs of fraudulent use of stolen card information.  It should also be noted that although October 1, 2015 was the deadline for retailers to switch to EMV smart card processing for credit cards and debit cards to avoid liability in the event of a data breach, the deadline for ATMs and gas station pumps to switch to the EMV smart cards is not until October 1, 2017.

TIPS

As consumers the best thing we can do is to use your EMV chip card whenever possible.  Stores such as WallMart and Target have switched to the new cards.  If you have not yet received a new EMV chip card from your credit card company, contact them and get one as soon as possible.  It still is a good idea to not use your debit card for retail purchases because the protection from liability that you get regarding fraudulent use of a debit card is not as strong as the liability protection you get when using a credit card. Further, even if you report fraudulent use of your debit card immediately to your bank, your bank account to which the card is tied will be frozen and inaccessible to you while the bank investigates the matter.

If you were a customer of Wendy’s during the last year, it is a good idea to carefully monitor the charges on your credit card for indications of fraudulent use.