Breach, Compliance Management, Threat Management, Data Security, Malware, Privacy

Extended stay: Data-stealing malware hides on Rosen Hotels’ payment card network for over year

Guests who recently lodged at Rosen Hotels & Resorts properties in theme-park destination Orlando, Fla. must hope their data hasn't been taken for a wild ride, after the hospitality company announced its properties have suffered a long-undiscovered payment card data breach.

In a corporate statement, Rosen confirmed that an investigation of its payment card network turned up malware capable of reading cards' magnetic stripe data as it is routed through affected systems. The malware collected card numbers, expiration dates, internal verification codes and in some cases cardholder names, added the company, which operates seven properties comprising over 6,300 rooms and suites.

Rosen did not indicate how many guests were likely affected; however the malware resided on its systems for well over a year, from Sept. 2, 2014 to Feb. 18, 2016. The company was finally alerted to the presence of malware in early February after receiving unconfirmed reports of fraudulent charges involving past guests.

According to its statement, Rosen is actively working with the payment card networks to identify the affected cards and notify their issuers and users. The company also said that “enhanced security measures have been implemented to help prevent this from happening again,” although no specifics were provided.

Reaction from certain corners of the data security industry was that of concern. “It's troubling to see another malware attack be so successful—and even more troubling that it persisted over a prolonged period of time without being detected, Kevin Watson, CEO at Netsurion, said in an email supplied to SCMagazine.com.

Rosen has established a dedicated helpline for affected cardholders at 855-907-3214.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.