The Brunswick Hotel & Tavern in Brunswick has notified former guests that a malicious program found on the hotel’s computer system may have allowed thieves to steal their payment information.
Portland-based Olympia Hotel Management, part of The Olympia Cos., issued letters to former customers on Aug. 21 stating that it had “recently discovered malware on the hotel’s computer systems that may have resulted in unauthorized access to name and payment card information.” According to a follow-up letter it sent to the Maine Office of the Attorney General, as many as 319 Maine residents’ payment data may have been compromised, in addition to an undisclosed number of out-of-state residents.
A copy of the customer letter was posted online Aug. 25 by the Vermont Office of the Attorney General, followed by an article posted Tuesday by SC Magazine, a publication for information technology security professionals.
According to the letter, “it appears that one of the front desk computers at the hotel was infected with sophisticated malware designed to capture and permit remote access to payment card information while avoiding detection by anti-virus software” for a period of nearly eight months beginning Nov. 29. It was discovered and removed on July 21.
Olympia said in the letter that it has retained “a leading cybersecurity and investigations company” to investigate the malware infection and tighten the hotel’s computer security.
The hotel operator said it has not been able to confirm that customer payment information was stolen, nor has it been able to rule out the possibility. It is offering affected guests a year of free credit monitoring service.
Olympia has set up a customer incident line at 877-271-1388 for guests who believe they may have been affected. The hotel operator did not return calls seeking comment for this story.
However, it notified the Attorney General’s office that a group of three customers contacted the Brunswick Hotel in late June to inquire about fraudulent charges they had discovered shortly after their stay at the hotel. That inquiry led to the investigation that uncovered the malware, it said.
J. Craig Anderson can be contacted at 207-791-6390 or:
Twitter: jcraiganderson
Send questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.