The Galt House Hotel Suffers Payment Card Breach

Media Division | July 27, 2017

Just yesterday, we wrote about a data breach that involved cyber attackers getting away with credit card information. These types of incidents continue to happen far too frequently for a couple different reasons. First off, this type of information is one of the largest targets for cyber attackers, with the reasoning obviously being that it enables them to commit various types of fraud and receive financial gain. And another reason is that many organizations continue to lack comprehensive cyber security in certain areas. In another recent incident, a four-star hotel called The Galt House in Louisville, Kentucky has discovered an insidious threat that was stealing customer credit card data in their systems.

Details of the Incident

According to a statement release from the hotel, an internal security investigation had discovered malware on their payment processing system that had been copying some guest’s credit card data. The Galt House had been alerted to a potential security incident, and they had begun the investigation immediately afterward. Aside from their own internal investigation, they had also enlisted the help of computer forensics experts, as well as coordinated with law enforcement. The information being copied included cardholder names, account numbers, expiration dates, and verification codes. It appears to have affected certain guests that used their cards at the hotel between the dates of December 21, 2016, and April 11, 2017. There does not seem to be any further reports as to how the malware had initially infected the hotel’s systems or how many people were affected, but perhaps this will be released once the investigation is complete.

The hotel has been taking several steps to ensure that the incident is handled. According to their statement, the issue is now resolved and they are working alongside the computer forensics firm to bolster their cyber security and prevent future incidents. They said that they are also in contact with payment card networks to ensure that card issuing banks are aware of the issue and increase monitoring. In their official release, the hotel detailed several different steps that affected guests can take to protect themselves, including watching for suspicious activity on statements and placing fraud alerts or credit freezes on their accounts. It is good that The Galt is placing focus on protecting affected guests, as anything less can result in reputational and trust damage down the road. A single data breach of magnitude like this can cause an organization to fail if they are not meticulous in their handling and mitigation of it.

The Vital Importance of Cyber Security Monitoring

There is an aspect of this breach that we have pointed out in several others, which would be the fact that it went undetected for quite some time. This, unfortunately, happens quite often, and it allows infiltrating threats and attackers to continue with their malicious purposes for extended periods of time, making a breach even worse than if the threat were immediately detected. There is an implement that can help to resolve this situation, which would be cyber security monitoring. Proper monitoring, whether it be internal or from a reputable third party vendor can allow rapid detection of threats and attackers, which can then be expelled or eliminated. If an anomaly or indicator of compromise is found within a network or system, IT staff or a dedicated analyst can be immediately alerted. They can then investigate these alerts and handle them if they show to be malicious. Modern security involves a high level of prevention and proactivity, which is why monitoring is necessary, as it helps to eliminate the chance of threats going unnoticed. Massive Alliance offers comprehensive cyber security monitoring services that can provide much more awareness over networks and systems.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.