Callaway Gardens credit, debit card records breached

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.ledger-enquirer.com/2013/05/25/2518295/callaway-gardens-credit-debit.html

A Callaway Gardens official said it is unknown how many guests may be
affected after its credit card security system was compromised over
the last eight months.

"We have just started a more in-depth investigation so the number of
accounts have not been determined yet," said Rachel Crumbley, a
spokeswoman for the resort in Pine Mountain.

Crumbley said Saturday a breach in its credit card security system
started in early September and lasted until Thursday when a credit
card processing company identified multiple companies, including
Callaway Gardens, with fraudulent credit card activity.

"In our team's immediate investigation, fraudulent malware was
detected, contained and removed," said Barry Morgan, CFO of Callaway
Gardens. "Guests are encouraged to review and monitor their electronic
credit and debit card statements for fraudulent charges."

If you were a guest before Friday and noticed any unauthorized credit card ac

tivity, you should promptly contact your financial institution.

"We wanted to alert all of our guests as quickly as possible to make
sure they take any necessary corrective and protective actions,"
Morgan said. "And, with large crowds anticipated for this weekend's
Memorial Day Weekend Festival, we want to reassure guests that our
systems have been secured and are being monitored closely."

The malware in the system at the resort collected financial
information from card users. An investigation is underway at Callaway
Gardens and by law enforcement authorities.

"As soon as we got wind of it, we informed our guests," Crumbley said.
"I was told it could take days, weeks or months when the investigation
is completed."

Until that time, guests are encouraged to review their electronic
credit card and debit card statements for fraudulent charges.

Crumbley said Callaway Gardens was using the best business practices
available in computer security technologies when the breach occurred.
Officials now have top experts in the field of computer forensics to
assist in the investigation and to recommend additional security
measures as needed.

Crumbley said emails were sent to guests about the breach. Information
also was sent out on Facebook and Twitter. Officials also have
notified four credit card companies, American Express, Visa,
MasterCard and Discover and the three major U.S. credit reporting
agencies about the incident.

Guests may also contact the credit reporting agencies to check their
credit reports. Free reports are available at
www.annualcreditreport.com, or by calling 877-322-8228, or completing
the Annual Credit Report form on the Federal Trade Commission website
at www.consumer.ftc.gov/articles/0155-free-credit-reports
.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.