On September 17, 2016, a reservation clerk with the Organization unknowingly opened a phishing email which caused malware to be downloaded onto the Organization?s front desk system. On November 20, 2016, the Organization?s Head Office advised that there may have been possible fraudulent activity linked to one or more of the Organization?s hotels, and requested investigations. The Organization engaged a computer forensics expert but no breach was discovered. On May 4 and 19, 2017, two different credit card brands notified the Organization?s that fraudulent activity was detected. The same computer forensics expert was called in to investigate, and on May 25, 2017, the expert again advised that no breach was discovered. The Organization sought a second opinion from a different computer forensic expert, and on July 20, 2017, learned that a breach had occurred on September 17, 2016 via the phishing email. The breach was contained and malware removed on July 20, 2017.