As of yesterday any of you security folk who attended Notacon this year started getting some interesting letters regarding some personal information, specifically credit card info, being compromised during your stay at the Wyndham Hotel. I managed to grab a copy of the letter (thanks Brandon!) which you can read HERE.
Just to be perfectly clear before I share some exerpts from the letter, this breach was in no way related to Notacon or it’s attendees. The attack was focused at the Wyndham and had nothing to do with any ATM or network use during the conference. That being said:
“This incident was identified when Wyndham recieved information that certain fraudulant credit card transactions were possibly traced back to one of our hotels. Upon learning of this possibility Wyndham promptly retained an externam examiner to conduct a thorough forensic investigation.”
This investigation apparently yielded information of a “sophisticated hacker” penetrating the Wyndham computer system and gaining access to the names and credit card numbers of certain guests. Also, the attacker managed to grab transaction information from multiple Wyndham hotels on a real time basis between March 29th and May10th of 2009. The letter goes on to say:
“As a result of the investigation, the Wyndham has determined that your creidt or debit card number, expiration date, and possibly your name were accessed. Further, magnetic stripe information from your credit card may have been accessed depending upon whether the hotel swiped your card for a transaction or manually entered your credit card number, although, due to the sophisticated nature of the hack, we have not been able to determine precisely what magnetic stripe information, if any, was accessed.”
I’d love to hear some details of the attack considering it is so “sophisticated” if any readers have more information. Also if you stayed at the Wyndham during this time period it might be a good idea to cancel your card.
-Matt