The Wyndham Hotel chain’s computer systems security team discovered in mid-September 2008 that the company’s central computer systems were infiltrated. The intruder gained access through a franchisee’s computer system and from there was able to access the central systems of Wyndham. Wyndham believe that as many as 41 properties may have been affected and about 21,000 people in Florida.
Wyndham immediately retained a qualified investigator to assess the problem and ensure that it was isolated and to strengthen and implement a stronger security system. The Secret Service, credit card agencies and several state’s attorney general offices were also notified. They are making an effort to contact all of the affected customers by working through the credit card companies. It appears that only the credit card information was stolen without matching names and addresses. Wyndham says:
To ensure our customers’ card numbers were protected, we provided each of the payment card companies (American Express, Visa, Mastercard and Discover) with the actual card numbers that were accessed so that these payment card companies could take such action as they deemed appropriate to monitor the use of the cards.
Wyndham does not keep social security numbers or other confidential identifying information and does not believe any identity theft has occured because of the breach. The criminals did manage to get magnetic stripe information which contains the CVV code. Card numbers with this code bring a higher price on the black market because it is easier to use the card in a fraudulent transaction.
When a stolen card is used that includes the cvv code the banks are responsible for the charges. When there is only a card number and an expiration date used in the transaction which occurs in many online sales then the retailer is responsible.
If you believe that you may have been affected by the theft you can find more information here to get more information.