Modernizing Authentication — What It Takes to Transform Secure Access
The InterContinental Mark Hopkins San Francisco recently began notifying guests that a burglary on July 4, 2013 may have provided thieves with access to an undisclosed number of guests' personal data, including names, mailing addresses, e-mail addresses, phone numbers, and credit/debit card numbers.
While ransacking the hotel's sales office, the thieves removed a hard drive from a computer, but left the hard drive in the office. "We engaged data security experts to investigate this incident thoroughly and learned on July 14, 2013 that even though the computer hard drive was not taken, it is possible that it was accessed while the criminals were in the office," hotel general manager Nelum Gunewardane wrote in the notification letter [PDF].
"Please be assured that we have undertaken extensive forensic and other steps to address this incident and that we remain committed to protecting the information that you have provided to us," Gunewardane added. "The Hotel's security department has taken steps to increase security to help prevent such an incident from happening again."
According to Gunewardane, all affected payment card companies are being notified of the breach. While no identity theft protection services are being offered to guests, all recipients of the notification letter are advised to review their financial account statements for the next 24 months to check for unauthorized transactions.