Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Omni Hotels Subtly Discloses Payment System Hack

In what I like to call a cowardly Friday afternoon data breach disclosure, Omni Hotels disclosed that several of its hotel properties were impacted by malware infecting its point-of-sale (PoS) systems. 

In what I like to call a cowardly Friday afternoon data breach disclosure, Omni Hotels disclosed that several of its hotel properties were impacted by malware infecting its point-of-sale (PoS) systems. 

In an attempt to miss the news cycle and fly below the radar, companies often make data breach incidents public on Friday afternoons. While Omni Hotels is not alone in this tactic, the company did go a bit further in an effort to bury the incident, despite claiming that the privacy and protection of their guests’ information is a matter they take very seriously.

In analyzing the page hosting the breach notice, SecurityWeek discovered lines of code that specifically instruct search engines such as Google to not index the page and not include it in search results. 

If a company cares about the privacy and protection of customer information, why would they purposefully try to block search engines from indexing an important announcement?

In reviewing the code of other pages across the Omni Hotel site, it’s clear the web team knows how to work with search engines, as the company has well-crafted search engine optimization details coded into other sections of the site so that potential customers can easily find hotel information. 

However, the data breach notice interestingly includes the code below which actively instructs search engines not to index the page.

<meta name=”ROBOTS” content=”NOFOLLOW, NOINDEX” instart_patch_id=”17″/> 

SecurityWeek has contacted Omni Hotels for comment on both the timing of the breach announcement and reason for intentionally keeping the page from search engines. The company did not respond to our inquiry by the time of publishing.

Advertisement. Scroll to continue reading.

In terms of the incident itself, the hotel chain said that on May 30, they discovered that malware had infected PoS systems at some of its hotel properties. 

“The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date,” the data breach notice said.

According to the company, the attacks did not affect all of its hotels, but they did not say how many or which hotels were affected. The company operates 60 hotels across the United States, Canada and Mexico.

“Depending on the location,” the notice reads, “the malware may have operated between December 23, 2015 and June 14, 2016, although most of the systems were affected during a shorter timeframe.”  

Many hotel chains reported being targeted by cybercriminals over the past year, including Hyatt Hotels, Mandarin Oriental Hotel GroupWhite Lodging ServicesHilton and Starwood HotelsHyatt reported in mid-January that 250 of its hotels from all over the world had been affected by a breach. This spring, the Trump Hotel Collection was hit by malware targeting payment card data.

Late last month, Hard Rock Hotel & Casino Las Vegas said that hackers managed to access customer payment card data through card scraping malware installed on systems running the resort’s payment card system. For the record, Hard Rock also had code on its data breach notification statement instructing search engines not to index the page.

Last week, Wendy’s revealed that PoS malware infected the payment systems at more than 1,000 of its restaurants, more than three times larger than the initial number announced in May. 

More than a dozen new PoS malware families have been discovered by researchers recently, including NitlovePoSPoSeidonMWZLessonMalumPOSCherry Picker, AbaddonPOSTreasureHunt, Multigrain, and many more. 

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.