Wyndham Hotels and Resorts Open letter to our customers February, 2010 To our Wyndham Hotels and Resorts guests: In late January, 2010, our company discovered that a sophisticated hacker penetrated the computer systems of one of the Wyndham Hotels and Resorts (WHR) data centers. By going through the centralized network connections, the hacker was then able to access and download information from several, but not all, of the WHR hotels and remove payment card information of a small percentage of our WHR customers. The incident did not affect any of the other branded hotels in the Wyndham Hotel Group system. We deeply regret that this incident occurred and are doing everything we can to notify our customers directly, to address and remedy the problem. CLICK HERE FOR FAQS ABOUT THE INCIDENT. In addition to ensuring that the hack was immediately terminated and disabled, we promptly retained a qualified investigator to assess the problem and ensure that we had isolated it, and then to help us implement the proper changes to strengthen and improve the security of our connections with each of our WHR branded properties. Further, the impacted properties are being separately investigated by a qualified PCI investigative firm to assess and improve the security at each hotel property in the system. To ensure our customers' card numbers were protected, we provided each of the payment card companies (American Express, Visa, Mastercard and Discover) with the actual card numbers that were accessed so that these payment card companies could take such action as they deemed appropriate to monitor the use of the cards. We also notified the Secret Service, as well as several states' attorneys general offices with information about the breach, and continue to work with law enforcement to assist in the investigations of this matter. Because only payment card information was compromised, at this time, we cannot confirm the individuals whose card information may have been acquired. However, we will be contracting with a secure third party consumer reporting agency to match every active credit card in the United States with the consumer's name and address and we will personally provide notice to those individuals, as well as an offer for free credit monitoring for a period of time. Potentially exposed through this breach are guest and/or cardholder names and card numbers, expiration dates and other data from the card's magnetic stripe. While unfortunately that information may be used for credit card fraud, at this time, no criminal identity theft related to the use of the consumer data has been identified. Importantly, we believe that it is unlikely that identity theft will occur because of the limited amount of information that was compromised. Birthdates, SSNs, addresses or other personally identifying information were not kept by the hotels and therefore not part of the compromise. Nevertheless, we recommend that you regularly monitor your card and bank statements and that you promptly report all suspicious activity to the financial institution that issued your card. CLICK HERE FOR A DESCRIPTION OF ACTIONS YOU CAN TAKE TO PROTECT YOUR CREDIT. Wyndham prides itself on providing exceptional value for our guests. We deeply regret this incident occurred and we will work hard to restore your confidence in our brand. Sincerely Kirsten Hotchkiss CLICK HERE IF YOU BELIEVE YOU MAY HAVE BEEN IMPACTED AND WOULD LIKE FURTHER INFORMATION FROM THE COMPANY