Hutton Hotel notifies customers of payment card security incident
NASHVILLE, TN - Hutton Hotel values the relationship it has with its guests and understands the importance of protecting payment card information.
NASHVILLE, TN – Hutton Hotel values the relationship it has with its guests and understands the importance of protecting payment card information. After being alerted to a potential security incident by its payment processor, Hutton Hotel began an investigation of its payment card system and engaged a leading cybersecurity firm to assist.
Findings from the investigation show that unknown individuals were able to install a program on the payment processing system at the Hutton Hotel designed to capture payment card data as it was routed through the system. The program could have affected payment card data—including cardholder name, payment card account number, card expiration date, and verification code—of guests who used a payment card to pay for or place hotel reservations during the period from September 19, 2012 to April 16, 2015, or who made purchases at the onsite food and beverage outlets from September 19, 2012 to January 15, 2015 and from August 12, 2015 to June 10, 2016.
Customers should remain vigilant to the possibility of fraud by reviewing their payment card statements for any unauthorized activity. Customers should immediately report any unauthorized charges to their card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of the payment card.
Hutton Hotel has implemented enhanced security measures, including the use of stand-alone payment processing devices, to prevent any further unauthorized access to payment card data. The Company has also notified law enforcement and will continue to support their investigation. In addition, the Company is working closely with the payment card companies to identify potentially affected cards so that the card issuers can be made aware and initiate heightened monitoring on those accounts. For those guests that the Company can identify as having used their payment card during the at-risk window and for whom the Company has a mailing address or email address, the Company will be mailing a letter or sending an email to them.