A hacker accessed the computer systems of Wyndham Hotels & Resorts, downloaded information from several WHR properties and created a unique file containing payment card information of a “small percentage” of WHR customers, the company said in a letter to customers.

How many victims?
Up to 21,000.

What type of personal information? Hotel guest and/or cardholder names, card numbers, expiration dates and other data from the card’s magnetic stripe.

Details: The incident occurred in mid-September 2008. The hacker did not obtain any Birthdates, SSNs, addresses or other personally identifying information because this information is not kept by the hotels.

What was the response? Investigators were brought in to assess if the problem was mitigated and how security could be improved. Payment card companies and affected individuals were also notified. Secret Service and several states’ attorneys general offices were notified and an investigation is underway.

Sources: Wyndham Hotels and Resorts, “Open letter to our customers,” February 2009.

www.sun-sentinel.com/, South Florida Sun-Sentinel, “Thousands of Floridians may have been affected by hotel data breach,” Feb. 16, 2009.