The Brunswick Hotel & Tavern in Brunswick has notified former guests that a malicious program found on the hotel’s computer system may have allowed thieves to steal their payment information.

Portland-based Olympia Hotel Management, part of The Olympia Cos., issued letters to former customers on Aug. 21 stating that it had “recently discovered malware on the hotel’s computer systems that may have resulted in unauthorized access to name and payment card information.” According to a follow-up letter it sent to the Maine Office of the Attorney General, as many as 319 Maine residents’ payment data may have been compromised, in addition to an undisclosed number of out-of-state residents.

A copy of the customer letter was posted online Aug. 25 by the Vermont Office of the Attorney General, followed by an article posted Tuesday by SC Magazine, a publication for information technology security professionals.

According to the letter, “it appears that one of the front desk computers at the hotel was infected with sophisticated malware designed to capture and permit remote access to payment card information while avoiding detection by anti-virus software” for a period of nearly eight months beginning Nov. 29. It was discovered and removed on July 21.

Olympia said in the letter that it has retained “a leading cybersecurity and investigations company” to investigate the malware infection and tighten the hotel’s computer security.

The hotel operator said it has not been able to confirm that customer payment information was stolen, nor has it been able to rule out the possibility. It is offering affected guests a year of free credit monitoring service.

Olympia has set up a customer incident line at 877-271-1388 for guests who believe they may have been affected. The hotel operator did not return calls seeking comment for this story.

However, it notified the Attorney General’s office that a group of three customers contacted the Brunswick Hotel in late June to inquire about fraudulent charges they had discovered shortly after their stay at the hotel. That inquiry led to the investigation that uncovered the malware, it said.

J. Craig Anderson can be contacted at 207-791-6390 or:

[email protected]

Twitter: jcraiganderson

Only subscribers are eligible to post comments. Please subscribe or to participate in the conversation. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.