Wyndam: 37 hotels were hit in latest hack

I reported last week that Wyndham Hotels hat been hacked for the third time in just over a year. Apparently criminals identified a vulnerability in computers used by the hotels and were able to steal sensitive customer data from a number of franchisees.

News of the company's third breach is costing Wyndham some business, and this latest disclosure gives some context as to how many hotels were hit.

Wyndham operates over 7,114  hotels worldwide, including Ramada, Days Inn and Super 8. Just how many hotels were hit by this latest attempt was unclear, however. Until today. The company just released a statement saying that 37 hotels were hit, and that only Wyndham-branded properties were hit. That looks like the same M.O. we've seen in previous attacks


Wyndham Hotels and Resorts experienced a computer security incident in late 2009. As a result of that incident, an unauthorized user may have gained access to credit card numbers and certain associated information. As soon as the incident was identified, the perpetrator’s access was quickly isolated and contained. We believe a maximum of 37 Wyndham Hotel and Resorts branded properties may have been affected for various windows of time during the period between October 25, 2009 and January 29, 2010.

Guest records of the more than 7,000 non-Wyndham Hotels and Resorts branded hotels in the Wyndham Hotel Group were not affected. An outside forensic firm has been engaged to thoroughly investigate the incident.  The investigation is ongoing and as it proceeds, the period during which the properties were affected may prove to be significantly shorter. We are working to identify and notify all potentially affected customers as quickly as possible, and will offer them free credit monitoring services at our expense.  We are also working closely with the major credit card brands, and have reported the incident to the U.S. Secret Service.

The company deeply regrets any inconvenience or concern that this incident may have caused. Safeguarding customer privacy is a top priority at Wyndham, and we are committed to protecting the security and confidentiality of customer information. Data security standards and protocols are constantly evolving, and we continually upgrade, monitor and evaluate our systems to protect our customers.  This computer security incident occurred while Wyndham was in the process of completely upgrading the information security specifications for all the Wyndham-branded hotels.

Copyright © 2010 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)