Data breach at The Thayer Hotel, a historic establishment near the prestigious West Point Military Academy, exposed personal customer details, including their ID document numbers.
The establishment noticed intruders in late September, the hotel explained in a data breach notice. According to the letter sent out to potentially impacted individuals, after The Thayer Hotel learned its systems were compromised, it had to restore access to the system.
“This occupied the time of our entire IT staff for several days. Once access to our systems was restored, we launched an investigation with the assistance of third-party forensic specialists and cybersecurity professionals into the nature and scope of the activity,” the data breach notice said.
To sift through the attack’s fallout, the establishment hired third-party cybersecurity experts. Together with outside help, the hotel determined whose data may have been compromised on October 17th. It took another two weeks to start informing people whose data may have been exposed.
The investigation also revealed what type of data was compromised. Breach notice indicates attackers may have accessed user names in combination with a form of ID document. Some had their driver’s licences exposed, while others had passports or state ID card numbers.
The hotel claims that “a very small number” of individuals may have had their Social Security numbers (SSNs) exposed in the attack.
Meanwhile, information The Thayer Hotel submitted to the Maine Attorney General’s Office indicates that the attack exposed data of over 33,000 individuals.
“We take this incident very seriously. In addition to the above, we are notifying affected individuals and providing resources to help protect their information,” the data breach notice reads.
While there’s no indication the details were misused, the hotel said it will provide impacted individuals with 12 months of complimentary identity theft protection services.
Attackers could utilize stolen details for identity theft purposes, using exposed ID documents to set up or take over various accounts. There are additional security concerns as the hotel is often inhabited by members of the US military and their family members.
Attackers could also target individuals with convincing phishing attacks that, for example, impersonate the hotel or attempt to peddle malware, or other harmful materials.
The Thayer Hotel has a rich history tied with the US military. The establishment was set up during area development initiated in 1920s, by Brigadier General Douglas MacArthur after he returned from World War I to become the Superintendent of West Point.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked