In what I like to call a cowardly Friday afternoon data breach disclosure, Omni Hotels disclosed that several of its hotel properties were impacted by malware infecting its point-of-sale (PoS) systems.
In an attempt to miss the news cycle and fly below the radar, companies often make data breach incidents public on Friday afternoons. While Omni Hotels is not alone in this tactic, the company did go a bit further in an effort to bury the incident, despite claiming that the privacy and protection of their guests’ information is a matter they take very seriously.
In analyzing the page hosting the breach notice, SecurityWeek discovered lines of code that specifically instruct search engines such as Google to not index the page and not include it in search results.
If a company cares about the privacy and protection of customer information, why would they purposefully try to block search engines from indexing an important announcement?
In reviewing the code of other pages across the Omni Hotel site, it’s clear the web team knows how to work with search engines, as the company has well-crafted search engine optimization details coded into other sections of the site so that potential customers can easily find hotel information.
However, the data breach notice interestingly includes the code below which actively instructs search engines not to index the page.
<meta name=”ROBOTS” content=”NOFOLLOW, NOINDEX” instart_patch_id=”17″/>
SecurityWeek has contacted Omni Hotels for comment on both the timing of the breach announcement and reason for intentionally keeping the page from search engines. The company did not respond to our inquiry by the time of publishing.
In terms of the incident itself, the hotel chain said that on May 30, they discovered that malware had infected PoS systems at some of its hotel properties.
“The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date,” the data breach notice said.
According to the company, the attacks did not affect all of its hotels, but they did not say how many or which hotels were affected. The company operates 60 hotels across the United States, Canada and Mexico.
“Depending on the location,” the notice reads, “the malware may have operated between December 23, 2015 and June 14, 2016, although most of the systems were affected during a shorter timeframe.”
Many hotel chains reported being targeted by cybercriminals over the past year, including Hyatt Hotels, Mandarin Oriental Hotel Group, White Lodging Services, Hilton and Starwood Hotels. Hyatt reported in mid-January that 250 of its hotels from all over the world had been affected by a breach. This spring, the Trump Hotel Collection was hit by malware targeting payment card data.
Late last month, Hard Rock Hotel & Casino Las Vegas said that hackers managed to access customer payment card data through card scraping malware installed on systems running the resort’s payment card system. For the record, Hard Rock also had code on its data breach notification statement instructing search engines not to index the page.
Last week, Wendy’s revealed that PoS malware infected the payment systems at more than 1,000 of its restaurants, more than three times larger than the initial number announced in May.
More than a dozen new PoS malware families have been discovered by researchers recently, including NitlovePoS, PoSeidon, MWZLesson, MalumPOS, Cherry Picker, AbaddonPOS, TreasureHunt, Multigrain, and many more.

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- Check Point to Acquire SASE Security Firm Perimeter 81 for $490 Million
- Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan
- Horizon3 AI Raises $40 Million to Expand Automated Pentesting Platform
- Watch Now: Cloud & Data Security Summit Sessions
- Watch on Demand: 2023 CISO Forum Sessions
- Virtual Event Today: CISO Forum 2023 – Register to Join
- Watch Now: Threat Detection and Incident Response Virtual Summit
- Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta
Latest News
- Synqly Joins Race to Fix Security, Infrastructure Product Integrations
- ZDI Discusses First Automotive Pwn2Own
- Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies
- US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform
- Actor Tom Hanks Warns of Ad With AI Imposter
- Network, Meet Cloud; Cloud, Meet Network
- Dozens of Malicious NPM Packages Steal User, System Data
- Motel One Discloses Ransomware Attack Impacting Customer Data
