The Staybridge Suites Lexington was hit with what appears to be a point of sales data breach that occurred when several devices at the Kentucky hotel were hit with malware.
The hotel, which is part of the InterContinental Hotels Group, was notified by its parent organization that several devices being operated at the facility had malware. Staybridge would only say it had been so informed “recently” but gave no specific dates when the malware was actively operating on the system.
The hotel also did not specify what type of devices were involved, but noted in a statement that the information compromised included customer name and credit card number.
“While the Staybridge Suites Lexington does not have evidence that the unauthorized actor actually accessed or acquired personal information contained on the devices, it was unable to exclude that possibility. To date, the Staybridge Suites Lexington has no evidence of any actual or attempted misuse of this information,” the company said.
Management is working with a third-party forensic's firm to investigate the incident and is in the process of informing those guests who might have been compromised.