Orient-Express Hotels Ltd. recently began notifying an undisclosed number of customers that their personal information may have been exposed when an attacker accessed seven company e-mail accounts that held some customer data (h/t DataBreaches.net).
The breach, which occurred between July 2013 and September 2013, was discovered on September 24, 2013. It's not clear how it was discovered.
The data potentially exposed includes customer names, credit/debit card numbers, expiration dates and security codes.
"After learning of the incident, we promptly took steps to secure our systems to help prevent this type of event from reoccurring," the company wrote in the notification letter [PDF]. "We have no evidence that any of the information has been misused as a result of this issue."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
While no credit protection services are being offered to those affected, the notification letter advises recipients to review their account statements and credit reports for any unauthorized activity.
Customers with questions are advised to call (800) 851-0353.