Destination Hotels card-processing system hacked

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computerworld.com/s/article/9178695/Destination_Hotels_card_processing_system_hacked

By Robert McMillan
IDG News Service
June 29, 2010

Hackers have broken into the payment processing system of Destination 
Hotels & Resorts, a high-end chain best known for its resort hotels in 
destinations such as Vail, Colorado; Lake Tahoe, California; and Maui, 
Hawaii.

Guests who recently stayed at 21 of the resort's 30 hotels may have been 
victimized by the scheme, which appears to have compromised point-of-sale 
systems. The company refused to release many details of the incident -- 
citing an ongoing investigation by the U.S. Federal Bureau of 
Investigation -- but in a note posted to its Web site said that it had 
"uncovered a malicious software program inserted into its credit card 
processing system from a remote source."

Destination Hotels is in the process of notifying victims but will not say 
how many people have had their credit card numbers stolen, a company 
spokeswoman said.

However, the attackers appear to have hit only point-of-sale processing 
systems, where credit cards are swiped for purchases. Personal information 
such as guests' home addresses was not compromised, the company said.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php