Noble House Hotels and Resorts was alerted to a potential issue after receiving calls from guests who had used a payment card at one of Noble House’s properties, The Commons Hotel Minneapolis, and then saw unauthorized charges on that card. Noble House immediately initiated an investigation and engaged a computer security firm to examine its payment system for any signs of an issue.
During the investigation, Noble House found indicators that malware had been installed on a server containing payment card information for The Commons. The guest information potentially compromised by the malware included data found in the magnetic stripe on payment cards, which includes the cardholder name, card number, expiration date and CVV number. Based on the ongoing investigation, it is possible that payment cards used at The Commons from January 28, 2015 to August 3, 2015 may have been affected.
Noble House was able to provide individual notification to all individuals for whom the company had contact information, although it is unknown if all such persons were directly affected by the malware. However, because of the nature of the incident, Noble House was unable to contact all affected individuals. If guests used a card at The Commons between January 28, 2015 and August 3, 2015, Noble House recommends that they remain vigilant to the possibility of fraud and identity theft by reviewing their account statements for any unauthorized activity.
To help prevent this from happening again, Noble House has retained a computer security firm to review its security measures, ensure that this issue has been fully remediated and look for ways to enhance its security measures.