Wyndham Hotels is contacting consumers, credit card companies and the U.S. Secret Service as the hotel chain continues its investigation into the latest hacking incident affecting some of its properties in which guests' credit card information was compromised.
Hacking incidents of this nature are particularly troubling to online travel sellers who battle consumer concerns about the data security of online booking. However, in one of at least three breaches at Wyndham since 2008, the hotel company's Phoenix database was hacked, so the incident may have impacted guests who paid by credit card regardless of where they booked their stays.
Wyndham spokesman Evy Apostolatos says the latest incident appears to have affected 37 of the company's nearly 350 Wyndham-branded properties at various times between Oct. 25, 2009, and January 29, 2010. Wyndham's other brands -- including Ramada, Days Inn, Super 8, Wingate, Baymont, Microtel, Hawthorne Suites, Howard Johnson, Travelodge and Knights Inn -- were not hacked in the latest incident.
"This computer security incident occurred while Wyndham was in the process of completely upgrading the information security specifications for all the Wyndham-branded hotels," Apostolatos says.
Asked what Wyndham is doing to ensure new breaches won't occur, Apostolatos says:
"While no data security policy can guarantee that unauthorized data access will not happen in the future, we have safeguards in place designed to protect personal information. In addition to ensuring that the hack was quickly isolated and contained, we revalidated our information security infrastructure and ensured that we maintain industry standard protections for customer data."
In prior incidents, Wyndham sent letters like the following one to various state officials. This one was posted by the Open Security Foundation.
Apostolatos says the forensic investigation into the latest breach will delve into whether the most-recent incident is related to prior ones.
"Our priority is to identify all potentially affected active credit card holders," Apostolatos says. "To the extent the identity of those individuals can be confirmed, we will notify them and offer a free credit monitoring service for a full year."
And, some of those Wyndham guests may now truly need those credit-monitoring services.