The Hard Rock Hotel and Trump International Hotel in Las Vegas say customers who booked rooms from August 2016 to March 2017 may have had credit card information stolen because of a data breach at a company that supplies hotel reservation services.
Those companies (as well as other hotels owned by other companies outside Las Vegas) use a hotel reservation system called SynXis Central Reservations, provided by a company called Sabre Hospitality.
In a statement released earlier this month, Sabre said an investigation had “determined that an unauthorized party accessed certain payment card information for a limited subset of hotel reservations processed through the SHS reservation system.”
Sabre’s statement said some of the exposed records had credit card information with the payment card security code while others did not. The company said personal information like Social Security numbers, passport numbers and driver’s license numbers were not accessed.
According to Sabre, customers in seven states were affected, including Iowa, Maryland, Massachusetts, New Mexico, North Carolina, Oregon and Rhode Island.
In a statement released by Trump Hotels, the company acknowledged it does use the system that was hacked but that its internal systems were not breached.
In a statement by the Hard Rock Hotel, the company said it had been told by Sabre “that an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information.”
In addition to its property in Las Vegas, other affected Hard Rock hotels are in Chicago; San Diego; Palm Springs, Panama; Cancun, Riviera Maya and Puerto Vallarta, Mexico; Goa, India; and Punta Cana, Dominican Republic.
Saber has offered a free notification service for its clients to help them inform guests who may have been affected. However, if for some reason the affected customer can’t be contacted, or the hotel companies don’t use the service, it could be very difficult for consumers to know whether their credit card data was exposed.
Consumers should remain vigilant for incidents of fraud and identity theft by regularly reviewing account statements and monitoring free credit reports for any unauthorized activity. Customers wanting more information about the breach are encouraged to call 800-442-8960 and to visit Sabre’s website regarding consumer notices.