Here’s What You Need To Know About Hard Rock, Loews Hotels Hack Attacks


If you’ve stayed at a Hard Rock Hotel & Casino or Loews Hotel, you’ll want to keep an eye on your financial statements after the two lodging companies revealed they’re the latest victims of a hack attack.

The hotel companies revealed recently that they were affected by a data breach over the weekend, noting that it was tied to an earlier hack of a third-party reservation system operated by Sabre Hospitality Solutions SynXis.

Sabre announced that its systems had been breached back in May, noting in a Securities & Exchange Commission filing that it was investigating an incident involving unauthorized access to payment information contained in a subset of its hotel reservations processed through the SynXis system.

The company retained “expert third-party advisors” to assist in the investigation, warning that it was possible that some customers’ personal information, including payment card data, had been compromised.

In an update last week, Sabre said that not all reservations viewed by the hackers included payment information. Additionally, personal information such as Social Security, passport, or driver’s license numbers was not accessed.

The company’s investigation determined that the hack was limited to a subset of bookings made through its reservation system from Aug. 2016 to March 2017.

“Not all of our SHS customers had reservations that were accessed, and even for those that did have reservations that were viewed, it varied with regard to the percentage of reservations that were accessed,” the company said.

While the company didn’t note which hotels were affected by the breach, at least two have started notifying customers of the issue.

Hard Rock Hotels Affected

Hard Rock revealed that Sabre informed the company on June 6 that the personal information, including unencrypted payment card information and certain reservation information, of customers staying at 11 Hard Rock properties was affected by the breach that occurred between Aug. 10, 2016 and March 9, 2017.

Affected properties include:

• Hard Rock Hotel & Casino Biloxi
• Hard Rock Hotel Cancun
• Hard Rock Hotel Chicago
• Hard Rock Hotel Goa
• Hard Rock Hotel & Casino Las Vegas
• Hard Rock Hotel Palm Springs
• Hard Rock Hotel Panama Megapolis
• Hard Rock Hotel & Casino Punta Cana
• Hard Rock Hotel Riviera Maya
• Hard Rock Hotel San Diego
• Hard Rock Hotel Vallarta

Loews Hotels Affected

Luxury hotel brand Loews says that it was also notified by Sabre on June 6 that 21 of its properties were affected by the breach. Those locations include:

• Beach House Suites by The Don CeSar
• Hotel 1000
• Loews Annapolis Hotel
• Loews Atlanta Hotel
• Loews Boston Hotel
• Loews Chicago Hotel
• Loews Chicago O’Hare Hotel
• Loews Coronado Bay Resort
• Loews Don CeSar Hotel
• Loews Hollywood Hotel
• Loews Hotel Vogue
• Loews Madison Hotel
• Loews Miami Beach Hotel
• Loews Minneapolis Hotel
• Loews New Orleans Hotel
• Loews Philadelphia Hotel
• Loews Regency New York Hotel
• Loews Regency San Francisco Hotel
• Loews Santa Monica Hotel
• Loews Vanderbilt Hotel
• Loews Ventana Canyon Resort

As with the Hard Rock Hotels breach, Loews says that the unauthorized party was able to access payment card information for some hotel reservations, including cardholder name, payment card number, card expiration date, and potentially card security code. In some cases, the unauthorized party also was able to access guest name, email, phone number, address, and other information. However, Social Security, passport, and driver’s license numbers were not accessed.

What Should You Do?

Sabre notes in a customer notice that anyone who booked a reservation during the seven-month hack window should “remain vigilant” for incidents of fraud and identity theft by reviewing their account statements.

Guests of the hotel are also advised to obtain their credit report, and to place a fraud alert or security freeze on their credit report file.

If you believe that your information has been misused, you are encouraged to file a complaint with the FTC and to take these additional steps: (1) close the accounts that you have confirmed or believe have been tampered with or opened fraudulently; and (2) file and keep a copy of a local police report as evidence of the identity theft crime.