Adobe MAX Hotel POS Hacked
Last weekend I got a letter in the mail from my credit card company. It stated the following:
"A merchant accepting the American Express Card for payment detected unauthorized access to its data files. At this time we beleive the affected data included your American Express Card account information and personal contact information"
The letter went on to say additional fraud alerts have been added to my account and suggested that I montitor my credit closely for the next few months. The thing it didn't tell me was WHO. Which merchant had the security breach? So I called and asked... I wasn't really expecting AMEX to tell me who it was, but suprisingly they did.
Turns out that the Westin Bonaventure hotel in Los Angeles, one of the official Adobe MAX 2009 hotels, was the culprit. After plugging a quick search into Google I found a plethora of articles about the security breach. According to one article from esecurityplanet.com:
"The hotel's point-of-sale system (POS) for processing debit and credit card transactions "may have been illegally accessed by an outside hacker," hotel officials said in a statement, adding that they are working with law enforcement agencies and major credit card companies to investigate the likely breach.
So far, Westin Bonaventure officials have isolated the source of the security breach to four bars and eateries on the property, as well as the valet parking station. The venues in question include the Lake View Bistro, the Lobby Court Bar, the Bonavista Lounge, and LA Prime.
The data possibly compromised by hackers includes customers' names, credit and debit card numbers, as well as card expiration dates."
The Westin Bonaventure has also issued a statement about it.
This is just another reminder that PCI DSS is nothing to sneeze at, and that physical security is important too.
