P2017-ND-123

The Organization operates hotels in New York City. On June 6, 2017, the Organization was notified by its service provider that an unauthorized party gained access to account credentials that permitted access to unencrypted payment card data and certain reservation information for some hotel reservations processed through the service provider?s Central Reservations System (“CRS”). The unauthorized party was able to access payment card information for some hotel reservations at affected properties. The Organization reported an ?investigation determined that the unauthorized party first obtained access to payment card and other reservation information on August 10, 2016. The last access to payment card information was on March 9, 2017.?

File Type: pdf
File Size: 331 KB
Categories: 2017