The Embassy Suites San Francisco Airport recently began notifying an undisclosed number of people who stayed at the hotel in 2013 that their payment card information may have been exposed when an unauthorized person accessed information stored on two computers at the hotel’s front desk.
“We began investigating the incident as soon as we learned of it and have determined that the incident involved a credit or debit card number, expiration date, cardholder name, and CVV2,” hotel general manager Rudy Ortiz wrote in the notification letter [PDF]. “Because the data was captured with a manual device, our computer systems were not breached and thus no other personal information about you or other guests was unlawfully obtained.”
It’s not clear from the notification letter how the data was captured, or how the breach was discovered.
While no identity theft protection services are being offered to those affected, all recipients of the notification letter are being advised to review their account statements and credit reports for suspicious activity.
Hotel guests with questions are advised to contact (800) 221-5031.
UPDATE: According to the company, a total of 44 hotel guests were affected by the breach.