If guests used a payment card at one of the above hotels, restaurants, and bars during the dates listed above, we recommend that they remain vigilant to the possibility of fraud by reviewing their account statements for any unauthorized activity. If they see any unauthorized charges, guests should contact the bank that issued their card as soon as possible. The credit card companies typically guarantee that cardholders will not be responsible for fraudulent charges. Additionally, if guests incurred costs that their financial institution declined to reimburse related to fraudulent charges on a payment card used at one of the above hotels, restaurants, and bars during the dates listed above, Noble House will reimburse guests for any such reasonable, documented costs that their financial institution declined to pay.
Noble House was able to notify all individuals for whom we had contact information. However, because of the nature of the incident, we were not able to directly contact all potentially affected guests. If guests have any questions regarding this incident, they may call (866) 877-7528, Monday through Friday between the hours of 9 am and 5 pm Eastern time. For additional information about this incident please visit our website at http://www.noblehousehotels.com.
According to John Christly, CISO at Netsurion, a provider of remotely-managed security services for multi-location businesses
“This is just the latest case of a hotel chain being breached, and it won’t be the last. Hospitality companies are in an ongoing digital war with cybercriminals seeking payment card data—and the war is being won far too often by these hackers. Any business that processes payment data or offers free Wi-Fi is a profitable breach target. But widespread chains like Kimpton are especially appealing to hackers because of their troves of valuable data such as credit card information, sensitive employee data and sometimes even medical data used by in-house care facilities.
Traditional cybersecurity defenses are no longer enough. New defensive approaches, advanced cybersecurity tools and increased cyber intelligence must be deployed, which usually come from a relationship with an outside vendor. These vendors have the specialized knowledge needed to understand what the tools and resulting information being gathered are telling you. Possible tools include things like File Integrity Monitoring, Unified Threat Management (UTM) appliances, Security Information and Event Management (SIEM) and next-generation endpoint security solutions.
When systems like this are in place and managed appropriately, the processes within the programs and the computer operating system and memory will be watched for suspicious activity— and those tools will talk to other tools that have even deeper threat intelligence from a network of other deployed sensors. It’s very difficult to defend against today’s emerging cyberthreats on your own. For the best outcome, these advanced toolsets should be outsourced to a managed security firm specializing in this type of service—which includes expert threat researchers constantly patrolling for new activity that could point to hackers trying to steal data from your systems. This proactive approach will help to keep organizations out of the breach headlines.”