New York-based Holiday Valley Resort announced that malware may have compromised payment cards used at any of the resort's point-of-sale (POS) devices between October 2014 and June.
How many victims? Undisclosed.
What type of personal information? Names, credit and debit card numbers, expiration dates, and three-digit CVV numbers.
What happened? An early investigation revealed malware on a number of POS devices, which could have put the personal information at risk.
What was the response? The malware has been removed and it is now safe to use cards at the resort. Holiday Valley Resort engaged a third-party forensic service provider to conduct an investigation and implement additional security measures. Law enforcement, card payment processing companies and financial institutions have also been notified. An investigation is ongoing. Any guest whose card has been harmed is being offered a free year of credit repair services.
Details: Payment cards used between October 17, 2014, and June 2 at any Holiday Valley Resort POS device – including food and beverage, recreation, retail and lodging – may have been compromised.
Quote: “Holiday Valley Resort is unable to match account numbers with full contact information of affected guests,” a FAQ said. “Therefore, we could not notify you directly by email, postal mail or telephone. However, we have notified card payment processors, who have notified affected financial institutions, who may have contacted you directly.”
Source: holidayvalley.com, “Credit Card Breach Letter To Our Customers,” June 2015; holidayvalley.com, “Credit Card Breach Q&A's,” June 2015.