Omni-shambles! Card-stealing malware checks into US hotel chain
At this point, it might be safer to just sleep in your car
Yet another US hotel chain has admitted malware infected its computer systems and stole guests' bank card information.
Omni Hotels said today [PDF] an attacker managed to infiltrate its IT network and inject a software nasty into its payment terminals that siphoned off copies of people's credit and debit cards.
The malware was present on Omni sales kit between December 23, 2015 and June 14 of this year. Information lifted from credit and debit cards included cardholder name, card number, expiration date, and security code.
The hotel did not say which of its 52 North America locations were infected with the card-stealing malware.
"We have no indication that reservation or Select Guest membership systems were affected," Omni said in its notice.
"Accordingly, if you did not physically present your payment card at a point of sale system at one of the affected Omni locations, we do not believe your payment card was affected."
Omni says that it will be covering the cost of identity alert services for one year for any of the customers whose cards were accessed. It is recommended that anyone who receives a notice in the mail from Omni keep a close eye on their account summaries and credit reports for any suspicious activity.
Omni is far from alone in the ranks of companies that have been breached by POS malware. POS breaches have become so common that it might be more practical to list the resort chains who haven't been breached.
PS: You can thank this pure moment of UK political satire for "omnishambles" – be warned, it's not safe for work.