Noble House Hotels & Resorts was notified by the Secret Service about possible fraudulent activity on the payment card system at one of its properties, Ocean Key Resort & Spa. It engaged a computer security firm to examine the payment systems at all of the properties it manages for any signs of an issue. Through its investigation, it learned that malware may have been installed on payment processing systems that potentially affected cards swiped at the following hotels, restaurants, and bars during the periods identified:
- Kona Kai Resort & Spa, San Diego, CA, including the Vessel restaurant and the Tiki Bar, from April 25, 2016 – August 3, 2016;
- Little Palm Island Resort & Spa, Florida Keys, FL, including the Little Palm Island Dining Room, from April 25, 2016 – June 8, 2016;
- The Portofino Hotel & Marina, Redondo Beach, CA, including the Baleen Kitchen & Lounge restaurant and the Living Room Bar, from April 26, 2016 – June 8, 2016;
- The Edgewater, Seattle, WA, including the Six Seven restaurant, from April 26, 2016 – August 3, 2016;
- Ocean Key Resort & Spa, Key West, FL, including the Hot Tin Roof Restaurant, Sunset Pier bar, and LIQUID Pool Bar between April 26, 2016 and June 8, 2016;
- River Terrace Inn, Napa, CA, including the Terrace Café & Wine Bar, from April 25, 2016 – June 8, 2016;
- LaPlaya Beach & Golf Resort, Naples, FL, including the Baleen restaurant and the Tiki Bar, from April 26, 2016 – August 3, 2016;
- Mountain Lodge at Telluride, Telluride, CO, including The View restaurant, from April 26, 2016 – August 5, 2016;
- Hotel Deca, Seattle, WA, from April 25, 2016 – June 8, 2016;
- Blue Mermaid restaurant, San Francisco, CA from April 26, 2016 – August 3, 2016;
- Pescatore restaurant, San Francisco, CA from April 26, 2016 – August 3, 2016;
The information potentially compromised involved data found in the magnetic stripe on payment cards, including payment card number, payment card expiration date, CVV number, and may have included the payment cardholder’s name. We have no evidence that any cards used at these businesses outside of the periods identified were affected.
If guests used a payment card at one of the above hotels, restaurants, and bars during the dates listed above, Noble House recommends that they remain vigilant to the possibility of fraud by reviewing their account statements for any unauthorized activity. If they see any unauthorized charges, guests should contact the bank that issued their card as soon as possible. The credit card companies typically guarantee that cardholders will not be responsible for fraudulent charges. Additionally, if guests incurred costs that their financial institution declined to reimburse related to fraudulent charges on a payment card used at one of the above hotels, restaurants, and bars during the dates listed above, Noble House will reimburse guests for any such reasonable, documented costs that their financial institution declined to pay.
The Hutton Hotel in Nashville, Tennessee has also advised customers that it has been affected by a credit card attack similar to that of Noble House.