Kimpton Hotels & Restaurants Notifies Customers of Payment Card Incident

Share Button

SAN FRANCISCO, Aug. 31, 2016 ( — Kimpton Hotels & Restaurants has completed its investigation of the previously announced payment card security incident.

Kimpton Hotels & Restaurants received a report on July 15, 2016 of unauthorized charges occurring on payment cards after they had been used by guests at the restaurant in one of our hotels. We immediately began to investigate the report and hired leading cyber security firms to examine our payment card processing system. Findings from the investigation show that malware was installed on servers that processed payment cards used at the restaurants and front desks of some of our hotels. The malware searched for track data read from the magnetic stripe of a payment card as it was being routed through the affected server. The malware primarily found track data that contained the card number, expiration date, and internal verification code, but in a small number of instances it may have found the track that also contains the cardholder name.

This incident involved cards used at certain restaurants and hotel front desks from February 16, 2016 to July 7, 2016. A list of the affected hotel front desks and restaurants, along with the specific time frames for each (times vary by location) is located at The site also contains more information on steps guests may take to protect their information. Kimpton Hotels & Restaurants does not have information available to identify the name and address of restaurant guests. We will be mailing letters to those guests who used their card at a front desk during an at risk time frame for whom we have a mailing address.

According to a Spokesperson “We have resolved the issue and continue to work with the cyber security firms to further strengthen our existing security measures. We notified law enforcement and are also working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring on the affected cards. ”

According to to John Peterson, vice president & general manager, Comodo Enterprise , “Cybercriminals are patient and sophisticated, and it’s that combination that makes them a formidable force to be reckoned with and why breaches are now daily headlines. Additionally, it seems like most of the security industry has pretty much thrown in the towel on actually preventing breaches and has moved to just detection and remediation.

Hospitality companies need to do everything they can to protect their customers’ data; this means deploying the latest developments in endpoint protection and secure web gateways that actually prevent breaches through the most advanced methods available to the industry today.

When it comes to hotel breaches, customers need to be aware of their exposure. They should keep a close eye on accounts that may be impacted and report any suspicious behavior on those accounts.”

About the Author