Omni Hotels & Resorts breach – Fraud.org

/in /by

omni-crop.jpg

Omni Hotels & Resorts has announced that 80 percent of their North American hotels had their point-of-sale systems compromised by malware between December 23, 2015 and June 14, 2016. It is believed that payment card information for more than 50,000 Omni customers may have been compromised due to this breach.

Announced: July 8, 2016

Description of the breach: From December 23, 2015 through June 14, 2016, a majority of Omni Hotels & Resorts’ point-of-sale systems were infected with malware. This malicious code was used to collect cardholder names, credit/debit card numbers, security codes, and expiration dates. Omni has stated that they are confident only cards that were physically presented for payment are at risk of being compromised. Their reservation and Select Guest membership systems were not breached.

Omni Hotels & Resorts is encouraging individuals who physically presented their card at the hotel to monitor their accounts and credit reports for fraudulent activity. Customers are being asked to immediately contact their bank or card issuer should they spot any fraudulent activity.  

Omni Hotels & Resorts is offering one year of free identity theft protection to all affected guests. The coverage offers identity theft monitoring and a $1 million identity theft insurance package. To take advantage of this offer, Omni Hotels & Resorts requests that customers contact them at 1-855-303-9809.

Data breach period: December 23, 2015 – June 14, 2016

Affected customers: More than Omni 50,000 customers.

Official information from Omni Hotels & Resorts: https://www.omnihotels.com/notice

Contact Omni Hotels & Resorts: 1-855-303-9809 (for free identity theft protection), https://www.omnihotels.com/contact-us

More coverage of this breach: Wall Street Journal

Wendy’s breach – Fraud.org

/in /by

wendys-crop.jpg

Wendy’s, the Ohio-based fast-food chain, announced a point-of-sale terminal breach in late January 2016. In July 2016, the company announced that the breach was significantly larger than previously disclosed.

Announced: January 2016 (updated July 2016)

Description of breach: From December 2015 – June 2016, at least 1,025 Wendy’s restaurants had their point-of-sale systems affected by a data breach. Wendy’s has reported that customers who paid with their credit or debit card at an affected location may have had their their cardholder name, credit or debit card number, expiration date, cardholder verification value (CVV), and service codes of a customer’s payment compromised.

Consumers who visited a Wendy’s location during this breach period, are encouraged to determine if they were affected by the breach by searching the list of affected restaurants found here.

Consumers who purchased any items from a compromised Wendy’s during the breach time period, are being urged to closely monitor their credit, and take advantage of their offer to pay for one year of free credit monitoring services by calling them at (866) 779-0485.

Data breach period: December 2015 – June 2016

Affected customers: Unknown. 1,025 locations were affected.

Official information from Wendy’s: An FAQ is available here.

Contact Wendy’s: Customers may call a toll-free number (888-846-9467) or email PaymentCardUpdate@wendys.com with specific questions.

More coverage of this breach: KrebsOnSecurityJuly update from KrebsOnSecurity

Noodles & Company breach – Fraud.org

/in /by

noodles-crop.jpg

The restaurant chain Noodles & Company has announced that the payment information of an undisclosed number of customers has been compromised. Customers who used their credit or debit card at one of the affected stores in 27 states and the District of Columbia are being advised to take precautions against fraud. The breach occurred as a result of malware installed on a Noodles & Company store’s register between January 31, 2016 and June 2, 2016.

Announced: June 28, 2016

Description of the breach: Beginning in January 2016, Noodles & Company restaurants in 27 states and the District of Columbia were affected by point-of-sale malware targeting payment card information. Affected stores had malware living on their registers and collecting sensitive customer data between January 31, 2016 and June 2, 2016. The malware collected data such as the cardholder’s name, card number, expiration date, and CVV. To see if a Noodles & Company restaurant near you was affected, access the full list of affected restaurants by clicking here.

Although the breach has been contained, and all stores are now safe to use credit or debit cards, Noodles & Company patrons are being urged to monitor their credit report and credit/debit cards for fraudulent activity. Noodles & Company is also urging affected customers to consider placing a fraud alert or credit freeze on their account. Placing a fraud alert on your account requires creditors to take extra steps to verify your identity before granting credit in your name. A credit freeze prevents access to your credit report until the freeze is lifted. To place a fraud alert or credit freeze on your credit report, contact one of the the three major creditors below:

  • Equifax: 800-525-6285

  • Experian: 888-397-3742

  • TransUnion: 800-680-7289

Data breach period: January 31, 2016- June 2, 2016

Official information from Noodles & Company: https://www.noodles.com/security/

Contact Noodles & Company: 888-849-1067

More coverage of this breach: Consumerist

MySpace breach – Fraud.org

/in /by

myspace_crop.jpg

The social media website Myspace has announced that it was the victim of possibly the largest password breach in history. Approximately 360 million email addresses and 427 million passwords of Myspace users recently appeared on the dark web for sale. The breach is believed to have compromised the login credentials of all accounts created prior to the June 11, 2013 site relaunch.

Announced: May 27, 2016

Description of the breach: On May 31, 2016 Myspace notified their members that “stolen Myspace user login data was being made available in an online hacker forum.” This data includes 427,484,128 passwords and 360,213,024 email addresses. In a blog detailing the security measures Myspace has taken since as a result of the breach, Myspace stated that they have “invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old Myspace platform. These users returning to Myspace will be prompted to authenticate their account and to reset their password.”  

Because many consumers reuse their passwords across multiple sites, those accounts are likely susceptible to hacking if the account holders use the same login/password combination elsewhere. If you reuse your Myspace password or suspect you may have, it is advisable that you change your passwords immediately. In addition, Myspace users are being advised to be wary of suspicious emails as hackers tend to use the information from large data breaches in phishing scams to lure individuals into clicking dangerous links or relinquishing private information.

Data breach period: Prior to June 11, 2013

Official information from Myspace: https://myspace.com/pages/blog

Contact Myspace: dsp_help@myspace-inc.com

More coverage of this breach: Motherboard and USA Today

LinkedIn breach – Fraud.org

/in /by

 linkedin_crop.jpg

LinkedIn, the professional social networking site, has announced that the 2012 breach that compromised 6.5 million login credentials is now much more extensive than they originally believed. The breached information is now known to include information on 167 million LinkedIn accounts, 117 million of which contain both the emails and the passwords of users. It is not clear whether the 167 million LinkedIn accounts include or are in addition to the original 6.5 million login credentials that were compromised by the same hack in 2012.

Announced: May 18, 2016

Description of breach: LinkedIn released a statement to its members on May 18, confirming the breach was larger than they originally believed and detailing the security procedures the website will undergo: “Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.”

Data breach period: 2012

Official info from LinkedIn: https://blog.linkedin.com/2016/05/18/protecting-our-members

Contact LinkedIn: https://www.linkedin.com/help/linkedin/ask

More coverage of this breach: Fortune, Motherboard, and PCWorld

 

Lifeboat Network breach – Fraud.org

/in /by

minecraft-crop.jpg

Lifeboat Network, a division of Minnesota-based Hydreon Corporation, has announced that it experienced a data breach that compromised email addresses, usernames, and weakly-hashed passwords on 7 million users. Lifeboat is the operator of a network of servers for the popular Minecraft PE mobile game.

Announced: April 27, 2016
 
Description of breach: Lifeboat Network, the operator of a network of hundreds of servers for the popular Minecraft PE mobile device game, announced that they experienced a data breach that resulted in email addresses, usernames and weakly-hashed passwords for more than 7 million users being leaked onto the Internet. Personal information such as names and mailing addresses were not leaked, according to the company. Lifeboat, a division of Minnesota-based Hydreon Corporation issued a statement on April 27, 2016 confirming the breach and urging users to change their passwords on other services such as email or social media that use the same password. Lifeboat has made a statement saying, “We learned of the breach in late February, and we immediately prompted you to choose a new password in-game. The password that you chose is encrypted using much stronger algorithms, and we’ve taken steps to better guard the data. If you’d like to change the password to your Lifeboat account again, you can do that here. But, if you changed it in February this is no need to do so.”
 
Data breach period: January 2016
 
 
Contact Lifeboat Network: Email: support@lbsg.net; Twitter: @lifeboatsupport
 
Move coverage of this breach: SC MagazineMotherboard

Rosen Hotels breach – Fraud.org

/in /by

rosen-crop.jpg

Orlando-based Rosen Hotels & Resorts has posted a data breach warning for customers who visited their hotels over an 18-month period. The chain joins Hyatt, Trump Hotels, Hilton Hotels, and Starwood Hotels as the latest hotel and resort chain falling victim to data breaches.

Announced: March 4, 2016

Description of breach: According to the company, hotel chain: “We received unconfirmed reports on February 3, 2016 of a pattern of unauthorized charges occurring on payment cards after they had been used by some of our guests during their stay. We immediately initiated an investigation into these reports and hired a leading cyber security firm to examine our payment card processing system. Findings from the investigation show that an unauthorized person installed malware in RH&R’s payment card network that searched for data read from the magnetic stripe of payment cards as it was routed through the affected systems. In some instances the malware identified payment card data that included cardholder name, card number, expiration date, and internal verification code.”

Data breach period: Cards used at RH&R between September 2, 2014 and February 18, 2016 may have been affected.

Official information from Rosen: https://www.rosenhotels.com/protectingourguests/

Contact Rosen: The hotel chain has established a helpline – (855) 907-3214 – for consumer questions about the incident. The call center is open from 8 a.m. to 8 p.m. EST, Monday to Friday.

List of Rosen Hotel properties

More coverage of this breach: Orlando Sentinel

21st Century Oncology breach – Fraud.org

/in /by

21_century_oncology-crop.jpg

Ft. Myers, Florida-based 21st Century Oncology, which operates a chain of 181 cancer treatment centers in the U.S. and Canada, has reported a breach that may have exposed information on up to 2.2 million customers.

Announced: The breach took place in October 2015, but the company was asked not to notify patients by the FBI until now. The FBI had notified the company of a possible breach back in November 2015, 21st Century Oncology executives said. (More from HealthcareITNews.) 

Description of breach: According to the company, it was notified on November 13 that patient information was illegally obtained by an unauthorized third party who may have gained access to a 21st Century database containing information that may have included patients’ names, Social Security numbers, physicians’ names, diagnosis and treatment information, and insurance information. There was no evidence that any medical records were accessed. 

Official information from 21st Century Oncology: https://www.21co.com/securityincident

Contact 21st Century Oncology: Customers may call 1-866-446-1405, from 9 a.m. to 9 p.m. Eastern Time, Monday through Friday.

Help for victims: 21st Century Oncology is notifying affected victims and offering free one-year credit protection services. It also recommends that patients regularly review the explanation of benefits received from their health insurer and contact the insurer immediately about services they did not receive.

Landry’s restaurants breach – Fraud.org

/in /by

bubba_gump_crop.jpg

The restaurant, casino, and entertainment company, which owns Landry’s Seafood, McCormick & Schmick’s, Morton’s, and Bubba Gump Shrimp restaurants, has received reports of unauthorized charges on credit cards of customers who had dined at its restaurants.


Announced: December 2015

Description of breach: Cyber attackers installed a program on payment processing devices at Landry’s locations that searched for data from the magnetic stripe of payment cards that had been swiped. Data that was obtained included cardholder name, card number, expiration date and the internal verification code. (More from Houston Business Journal.)

Affected customers: According to a statement from the company, locations were affected during three distinct periods in 2015: from May 4, 2014, through March 15, 2015, and/or from May 5, 2015, through Dec. 3, 2015. A small percent of Landry’s locations were also affected from March 16, 2015, through May 4, 2015.

Landry’s owns and operates more than 500 properties, including more than 40 different brands such as Landry’s Seafood, Chart House, Saltgrass Steak House, Bubba Gump Shrimp Co., Claim Jumper, Morton’s The Steakhouse, McCormick & Schmick’s, Mastro’s Restaurants and Rainforest Café.

Official information from Landry’s: https://www.landrysinc.com/pdf/pressReleases/2015/press_20151217.pdf

Contact Landry’s: Customers may call 877-238-2151 (U.S. and Canada), Monday through Friday from 9am to 7pm EST.

Help for victims: In a letter to customers, Landry’s offered the following advice: Landry’s advises  you  to  monitor  your  account  statements  for  unauthorized  charges.  You  should immediately contact the bank, credit union or other financial institution that issued your payment card if  you  see  any  unauthorized  charges. The  phone  number  to  call  is  usually  on  the  back  of  the  card. The  payment  card  companies  typically  guarantee  that  cardholders  will  not  be  responsible  for  unauthorized  charges that are timely reported. 

List of affected stores 

Hyatt – Fraud.org

/in /by

hyatt_crop.jpg

On December 23, 2015, Hyatt Hotels reported that it was investigating cyberattacks that caused data breaches at its properties from August 13 to December 8, 2015.

Announced on: December 23, 2015

Description of breach: Hackers infected Hyatt computers that process card payments with malware in an attempt to steal the credit card information of hotel customers and guests. The attacks were mostly concentrated on payments processed at hotel restaurants, although Hyatt issued a warning that some “of the at-risk cards were used at spas, gift shops, parking, and a limited number of front desks” during this time period. (Source)

Information exposed: Cardholder names, card numbers, expiration dates and verification codes

Affected customers: The global data breach affected 250 hotels in about 50 countries. Nearly 100 of the affected hotels located in 25 states and the District of Columbia between Aug. 13, 2015 and Dec. 8, 2015.

Official information from Hyatt: https://www.hyatt.com/protectingourcustomers/

Help for victims: Hyatt has provided a phone line for customers who may have questions about the breach. 1-877-218-3036 (U.S. and Canada) or +1-814-201-3665 (International) from 7 a.m. to 9 p.m. EST.

Hyatt has arranged for CSID to provide one year of CSID’s Protector services to affected customers at no cost to them. CSID is one of the leading providers of fraud detection solutions and technologies. In order to activate CSID’s Protector coverage, affected customers in the U.S. may visit www.csid.com/hyatt-us and affected customers outside the U.S. may visit www.csid.com/hyatt-intl to complete a secure sign up and enrollment process. 

List of affected hotels

More coverage of the breach: eSecurityPlanet 

NCL’s Programs

NCL-logo

Fraud.org is a project of
The National Consumers League.

info@nclnet.org
(202) 835-3323

1701 K St NW
Suite 1200,
Washington, DC 20006

© Copyright 2025. All rights reserved.