Well, it’s happened again. A major establishment, this time the Los Angeles Westin Bonaventure Hotel, has been targeted by identity thieves and customers may have had their credit card information stolen and possibly used for fraudulent transactions. Surprisingly, the hotel is releasing the news of the security breach up to a year after the event, which happened during a long time span, between April 2009 and December 2009.
According to a press release issued by the Westin Bonaventure Hotel hotel on March 5, some kind of data breach occurred with the Bonaventure’s four eateries, the Lake View Bistro, Lobby Court Bar, Bonavista Lounge, L.A. Prime as well as customers of the hotels valet parking services. The hotel believes the information theft took place between April 2009 and December 2009. The release goes on to say only the customers of the restaurants and valet parking were potentially victimized, not hotel guests, as that system was apparently not compromised.
The release goes on to say the hotel contacted and cooperated with police and they continue to investigate, along with the credit card companies. The release did not go into any detail as to how the information was stolen or compromised.
There are many ways this information may have been taken. They range from theft by an internal employee, to some kind of data theft or data security breach. Their system may have been hacked into, or may have not been as secure as was necessary. It is disturbing to see how long the breach was allowed to go on (possibly eight months), as well as how long the hotel took to report the problem to their guests, the potential victims.
According to the Westin press release, the stolen information may have included names printed on customers’ credit or debit cards, credit or debit card numbers, and card expiration dates. Of course, this only affects those customers who used credit or debit cards.
Any business that accepts credit cards, whether they are a large corporate hotel, or the local newsstand, has a high level of responsibility to protect the security of private data, during the whole transaction process, from the swipe of the card to the transfer of that information from the business to their bank or processor. There have been horror stories of businesses using unsecured, common household wireless networks to transmit or store secure banking and credit card data. Or simply throwing away receipts, reports and records with sensitive data into trash cans and dumpsters, raw and un-shredded.
The Westin Bonaventure Los Angeles Hotel, as well as their corporate parent have a lot to answer to as to their procedures in place at the time of the breach, their discovery handling and notification during and after the breach, and the changes and actions they have taken to prevent future incidents.
Westin Bonaventure Press Release