We have discovered a serious data security breach of our computer system that occurred between May 21, 2011 and March 10, 2012, which, if you stayed with us during that period, may have compromised your credit and/or debit card information.
The breach involved an outside party gaining access to our computer system. If any of your credit and/or debit card information was accessed by the hackers, it would have included your full name, your credit and/or debit card number, your credit and/or debit card expiration date, other discretionary data that your credit and/or debit card company may have placed in the magnetic stripe on the back of your card, and the credit and/or debit card’s service code. A cyber security firm recommended to us by the U.S. Secret Service and hired by us to investigate the breach has advised that there is no evidence of debit card Personal Identification Numbers (PINs) having been accessed.
We are working with the cyber security firm and the U.S. Secret Service on this matter. Specifically, we have thoroughly investigated what took place and have taken, and are continuing to take, appropriate action to prevent this type of incident from happening again. In particular, we have removed the program created to gain access to our network and that was used to obtain cardholder information. We have also undertaken additional steps to prevent this sort of compromise from happening again.
We also have advised the three (3) major U.S. credit reporting agencies – Experian, Equifax, and TransUnion – and have given those agencies a general report, alerting them to the fact that the incident occurred. Even though we have taken the foregoing steps, if you were a guest at our hotel between May 21, 2011 and March 10, 2012, you should take action as well.
This is a serious incident. As such, we strongly encourage you to immediately take preventative measures – including contacting your credit card company(ies), banks/financial institutions, and the three (3) U.S. credit reporting agencies referenced above – to help prevent and detect any misuse of your information, if, in fact, your information was compromised.
To contact the three (3) major credit reporting agencies and request copies of your credit reports, the telephone numbers (and websites) for ordering credit reports and placing fraud alerts on the credit reports are: 1-800-685-1111 or 1-800-525-6285 (Equifax – www.equifax.com); 1-888-397-3742 or 1-888-397-3742 (Experian – www.experian.com); and 1-800-888-4213 or 1-800-680-7289 (Trans Union – www.transunion.com). Even after obtaining your credit reports, you should periodically review updated credit reports to make sure they are accurate and include only those activities you have authorized and to make sure you can have deleted any information relating to any fraudulent transactions. You have the right to obtain your credit report free of charge once a year through http://www.annualcreditreport.com, or anytime from the credit reporting agencies if you have reason to believe that your file may contain inaccurate information due to fraud.
You also can request that the major credit reporting agencies place a fraud alert on your credit file, which will put creditors on notice that your accounts may be subject to fraud, so that they must contact you before opening any new accounts or making changes to your existing accounts.
You should remain vigilant over the next twelve (12) to twenty-four (24) months and promptly report any incidents of suspected identity theft to us, as well as the credit reporting agencies, your credit card companies, and your banks (if your debit card information was stolen). You should also review your account statements and immediately report any suspicious activity. If you find suspicious activity on your credit reports or have reason to believe your information is being misused, you should file a police report and retain a copy of it to provide to us or other creditors when challenging any suspicious activity.
In addition to the steps described above, you should file a report of any suspicious activity with the Federal Trade Commission (FTC) using the website or telephone number listed below. For more information on how to protect yourself against identity theft, the FTC provides online guidance, as well as a toll-free telephone number. The FTC’s toll-free number is 1-877-IDTHEFT and its website address is http://www.consumer.gov/idtheft.
Thank you for your careful attention to this matter. If you have any questions, you may contact Lisa Armbruster at The Desmond at Larmbruster@desmondhotels.com. We offer our sincerest apology for the concern and inconvenience this has caused.