Kimpton Hotels Latest Hotel Chain to Be Hit with Credit Card Payment Breach
Kimpton Hotels & Restaurants said it received a report on July 15 of unauthorized charges occurring on payment cards after they had been used by guests at the restaurant in one of its hotels. Kimpton immediately began to investigate the report and hired cyber security firms to examine its payment card processing system. Findings from the investigation show that malware was installed on servers that processed payment cards used at the restaurants and front desks of some of its hotels. The malware searched for track data read from the magnetic stripe of a payment card as it was being routed through the affected server. The malware primarily found track data that contained the card number, expiration date, and internal verification code, but in a small number of instances it may have found the track that also contains the cardholder name.
This incident involved cards used at certain restaurants and hotel front desks from Feb. 16 to July 7. A list of the affected hotel front desks and restaurants, along with the specific time frames for each (times vary by location) is located at www.kimptonhotels.com/protectingourguests. The site also contains more information on steps guests may take to protect their information. Kimpton Hotels & Restaurants does not have information available to identify the name and address of restaurant guests. It will be mailing letters to those guests who used their card at a front desk during an at risk time frame for whom it has a mailing address.
Kimpton Hotels & Resorts said it has resolved the issue and continues to work with the cyber security firms it hired to further strengthen its existing security measures. It notified law enforcement and is also working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring on the affected cards.
This incident involved cards used at certain restaurants and hotel front desks from Feb. 16 to July 7. A list of the affected hotel front desks and restaurants, along with the specific time frames for each (times vary by location) is located at www.kimptonhotels.com/protectingourguests. The site also contains more information on steps guests may take to protect their information. Kimpton Hotels & Restaurants does not have information available to identify the name and address of restaurant guests. It will be mailing letters to those guests who used their card at a front desk during an at risk time frame for whom it has a mailing address.
Kimpton Hotels & Resorts said it has resolved the issue and continues to work with the cyber security firms it hired to further strengthen its existing security measures. It notified law enforcement and is also working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring on the affected cards.