The Vacation That Keeps Costing You: A Look at the Rosen Hotels & Resorts Breach

Pathlock
April 7, 2016

Red flags went up in February when recent guests at Rosen Hotels & Resorts noticed unauthorized charges on their credit card statements and contacted the chain. Rosen Hotels acted immediately, bringing in a cyber security expert to check their systems. The expert uncovered malware installed on the hotel’s payment card network. After further investigation, they found that data had been stolen between September 2, 2014 and February 18, 2016.

The malware pulled data that was read from the magnetic stripes of credit cards. Rosen acknowledged that in some instances the malware was able to get payment card data but not the cardholder’s name. In other cases the malware was able to pick up the cardholder’s name, card number, expiration date and internal verification code. This went on undetected for approximately 17 months.

Unfortunately, Rosen Hotels is just another corporate victim to have customer data stolen during a breach. Other hotel chains that have had similar incidents include Trump, Hilton, Marriott, Sheraton and Westin. So what can hotel chains do to protect themselves from a breach? And how did the one at Rosen Hotels & Resorts go undetected for so long?

Most likely the malware at Rosen Hotels was installed on a publicly accessible system, which would bypass the perimeter firewall or Intrusion Protection Systems. Once in the internal network, the malware would be able to go anywhere undetected. This is because most organizations do not monitor for malware propagation internally.

Once the malware installed itself on the credit card system and started sending the credit card data directly to an external IP, an anomaly detection solution on the perimeter would have seen this and generated an anomaly alert. Pathlock’s Cyber Governance solution would then correlate the anomaly alert and IP address to a high value system, notifying the security team to investigate. The solution connects the threat to the business impact. Don’t wait for a cyber attack to expose your vulnerabilities.
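The correlation described above can be sketched in a few lines. This is an added example, not Pathlock's code or product logic: it flags outbound flows from an inventoried high-value system to an external address outside its expected peers, and records first-seen and last-seen times per destination. The inventory, address ranges, record format and flow data are all constructed for illustration.

```python
import ipaddress

# Constructed inventory of high-value systems: internal IP -> (role, expected external peers).
HIGH_VALUE = {
    "10.20.0.15": ("payment-card-server", {"203.0.113.10"}),  # constructed processor address
}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal address space

# Constructed flow records: timestamp,src_ip,dst_ip,dst_port,bytes_out
FLOWS = """\
2016-02-10T02:14:00Z,10.20.0.15,203.0.113.10,443,5120
2016-02-10T02:15:30Z,10.20.0.15,198.51.100.77,443,88211
2016-02-10T02:16:02Z,10.30.4.7,198.51.100.77,80,1400
2016-02-10T02:17:45Z,10.20.0.15,10.20.0.1,53,120
2016-02-11T02:15:31Z,10.20.0.15,198.51.100.77,443,90144
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def correlate(flow_text, inventory=HIGH_VALUE):
    """Return one alert per (high-value source, unexpected external destination)."""
    alerts = {}
    for line in flow_text.strip().splitlines():
        ts, src, dst, _port, nbytes = line.split(",")
        if src not in inventory or is_internal(dst):
            continue  # only egress from inventoried high-value systems is in scope
        role, expected = inventory[src]
        if dst in expected:
            continue  # known business destination, e.g. the payment processor
        a = alerts.setdefault((src, dst), {"src": src, "dst": dst, "role": role,
                                           "first_seen": ts, "last_seen": ts,
                                           "bytes_out": 0, "flows": 0})
        # ISO 8601 UTC timestamps in one format compare correctly as strings
        a["first_seen"] = min(a["first_seen"], ts)
        a["last_seen"] = max(a["last_seen"], ts)
        a["bytes_out"] += int(nbytes)
        a["flows"] += 1
    # Largest outbound volume first, so the likeliest exfiltration path is triaged first
    return sorted(alerts.values(), key=lambda a: a["bytes_out"], reverse=True)

if __name__ == "__main__":
    for alert in correlate(FLOWS):
        print(alert)
```

The gap between `first_seen` and `last_seen` is the figure to watch: a high-value system talking to the same unexpected destination over a long window is the pattern that ran for months in this incident.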
Find out how Pathlock’s Cyber Governance automates the linkage between your cyber policies and standards with underlying controls, highlighting areas of exposure. Contact Pathlock today.