Breach, Data Security

Credit cards among data possibly accessed in AMResorts breach

An undisclosed number of individuals who used their credit cards to book reservations through the website of hotel management company AMResorts may have had their personal information compromised.

How many victims? Undisclosed. 

What type of personal information? Names, addresses, credit card information, telephone numbers, email addresses and possibly dates of birth.

What happened? AMResorts parent company Apple Leisure Group (ALG) began receiving calls from customers regarding suspicious activity on their credit cards. ALG launched an investigation and identified activity in the AMResorts system that possibly indicates unauthorized access to the personal information.

What was the response? An investigation is ongoing. Processes were changed so that access to credit card information is no longer possible. All potentially impacted individuals are being notified, and offered a free year of identity protection services.

Details: ALG began receiving calls from customers on May 6, 2014, with regard to suspicious activity on their credit cards.

Quote: “Although no malware, computer virus, or network intrusion has been identified, the investigation did identify activity in the system that may indicate unauthorized access to the data,” according to a notification letter signed by Gonzalo del Peon, president of AMResorts, and William Hopping, general counsel for ALG.

Source:, “AMR Resorts,” Dec. 15, 2014; AMResorts did not respond to a request for additional information.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.