The Wyndham Hotels and Resorts group has been the target of a new data security breach, resulting in personal information relating to its customers being stolen from its systems by hackers.
The hackers broke into one of the international organisation’s data centres remotely and proceeded to steal financial details and addresses of people from around the world who had passed through one of Wyndham’s establishments.
The group published a statement online providing further information about the breach, which it said was discovered in January of this year.
The statement explained that the hackers had exploited the central connection linking the Wyndham data centre to the rest of its systems in order to facilitate the theft. It is believed that a majority of Wyndham’s institutions were affected, but that only a minority of its customers have had their payment card information lifted from the servers during the attack.
Wyndham said that once the hack was detected, it was immediately neutralised and steps have been taken to ensure that the same exploit cannot be used again in the future to allow third party access to customer information.
The organisation has also stated that it has sought the help of an independent investigative body in order to check the integrity of its systems and to push through changes in the way in which it handles the security of the private data with which it deals.
Security measures are being increased at every location that bears the Wyndham brand, despite the fact that the breach was not aimed at a specific hotel, but at the centralised network where customer data is stored.
Every customer whose details were exposed during the breach has been notified, as have the various card companies in order to detect and prevent fraudulent use of the information that was obtained during the hack.
So far there have been no reported instances of the stolen data being used illegally. In its statement, Wyndham said that there was a small likelihood of this occurring as the data was limited enough to be of little use. Sensitive information including birth dates and addresses were not stored with the payment card information, making it more difficult for criminals to use.
