The New York Times reports on an issue we’ve discussed before: Hotel computer systems being hacked by criminals in order to gather the personal financial data of guests. In February, a survey from Trustwave showed that private data stored hotel networks are major targets for hackers. In March, IDG News Service reported that hackers broke into databases at Wyndham Hotels & Resorts and stole customer information.
The New York Times reports:
A study released this year by SpiderLabs, a part of the data-security consulting company Trustwave, found that 38 percent of the credit card hacking cases last year involved the hotel industry. The sector was well ahead of the financial services industry (19 percent), retailing (14.2 percent), and restaurants and bars (13 percent).
Why hotels? Well, to paraphrase the bank robber Willie Sutton, hackers hit hotels because that is where the richest vein of personal credit card data is. At hotels with inadequate data security, “the greatest amount of credit card information can be obtained using the most simplified methods,” said Anthony C. Roman, a private security investigator with extensive experience in the hotel industry.
“It doesn’t require brilliance on the part of the hacker,” Mr. Roman said. “Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems.” […]
It often takes months for these attacks to be discovered by hotels — and by customers who may be on the road frequently and not monitoring card activity reports carefully. […]
Fraud experts say that hackers often steal personal data and make multiple small charges to validate a card, probe its vulnerability and test the vigilance of a cardholder before making bigger charges.