The Organization uses a central reservations system (CRS) provided by a third-party service provider. The Organization received information from the service provider that an unauthorized party obtained access to account credentials that permitted access to a subset of hotel reservations processed through the hospitality CRS. The unauthorized party used the account credentials to view a credit card summary page on the hospitality CRS and to access payment card information. The unauthorized access first occurred on August 10, 2016. The last access to payment card information was on March 9, 2017.

