This incident has 0 proposed changes.
Know of details that have changed? Submit them
Showing Incident 1315 
SUMMARY
| Letter From Wyndham reporting credit card number, expiration date & possibly names were compromised | |
| Records | 480,000 |
|---|---|
| Record Types | CCN NAA |
| Breach Type | Hack |
| Data Family | Electronic |
| Source | Outside |
| Organization | Wyndham Hotels |
| Other Affected/Involved Organizations | None |
| Lawsuit? | NO/UNKNOWN |
| Data Recovered? | NO/UNKNOWN |
| Arrest? | NO/UNKNOWN |
| Submitted By: | Anonymous |
STOCK PRICE
SIMILAR INCIDENTS
| records | date | organizations |
|---|---|---|
| 300,000 | 2000-01-10 | CD Universe |
| 310,000 | 2005-04-12 | LexisNexis, Accurint, Seisint, Port Orange Police Department , Reed Elsevier |
| 648,420 | 2006-09-08 | Linden Lab . Second Life |
| 1,200,000 | 2010-01-04 | Lincoln National Corporation |
TIMELINE
| Date | Event |
|---|---|
| 2008-08-01 | Incident Occurred |
| 2008-09-12 | Incident Discovered By Organization |
| 2008-12-22 | Organization Reports Incident |
| 2008-12-22 | Organization Mails Notifications |
| None. Add Data | Records Recovered |
| None. Add Data | Lawsuit Filed |
| None. Add Data | Arrest Made |
MAP OF INCIDENT LOCATION
Address: Phoenix, AZ, USA
Have a better address for this incident? Suggest it!
REFERENCES
suggest a new attachment
ATTACHMENTS
COSTS SUMMARY
Known Actual Costs
|
Estimated Costs
|
|||
|
||||
PRIMARY SOURCES
Primary Source ID: 886
| add details to this primary source Description | |||
|---|---|---|---|
|
Notification to NH regarding a data center security breach exposing credit card numbers of guests.
|
|||
| Filename | Source | Researcher | Incident IDs |
| wyndham.pdf | New Hampshire Consumer Protection & Antitrust Bureau | d2d | <a href='/incidents/show/1315'>1315</a> |
| Records | File Date | Uploaded | Updated |
| 2 | 2008-12-23 | 2009-01-01 | 01 Jan 20:44 |
| Excerpt | |||
WYNDHAM ` W 1 __ R V. l December 23, 2008 Il!fr~,lE~;—;1i;;m]{;;lJ;,li **3 » t;,=;.‘-1i-7l"‘Jl.sx ` The Honorable Kelly A. Ayotte, Attorney General Office of the Attorney General 33 Capitol Stree... |
|||
Primary Source ID: 985
| add details to this primary source Description | |||
|---|---|---|---|
|
Hacking of guests credit card number and expiry date and names from Wyndham
|
|||
| Filename | Source | Researcher | Incident IDs |
| 20081008-Wyndham.pdf | Maine Attorney General | d2d | <a href='/incidents/show/1315'>1315</a> |
| Records | File Date | Uploaded | Updated |
| Not yet entered | 2008-10-08 | 2009-01-12 | 13 Jan 06:19 |
| Excerpt | |||
0 ,, WYNDHAM T W HOTELS AN D T RESORTS CONSUMER l"R0rEc october 0, 200s RECEH;§B°'V'S'°ti OCT 1 5 2000 The Honorable Steven Rowe, Attorney General Office of the Attorney General _ 6 State House Stati... |
|||
Primary Source ID: 1245
| add details to this primary source Description | |||
|---|---|---|---|
|
Information about credit card of clients accessed by a hacker
|
|||
| Filename | Source | Researcher | Incident IDs |
| VA_10102008_wyndam.pdf | Virginia Attorney General | jkouns | <a href='/incidents/show/1315'>1315</a> |
| Records | File Date | Uploaded | Updated |
| Not yet entered | 2008-10-10 | 2009-02-03 | 06 Feb 08:42 |
| Excerpt | |||
ECT—1@—-EEIBE @1 ¤25 P. @1/@3 I ~ - - a1;;¤x?iawe;;·i · 7 SYLVAN WAY PARSIPPANY, N} 07054 FAX NUMBER {97*3) ?53~6476 LEGAL DEPARTMENT FACSIMILE COVER SHEET --- TG: FROM: [an Myer Kirsten... |
|||
Primary Source ID: 1316
| add details to this primary source Description | |||
|---|---|---|---|
|
Letter From Wyndham reporting credit card number, expiration date & possibly names were compromised - notification letter to the state of Virginia
|
|||
| Filename | Source | Researcher | Incident IDs |
| VA_12232008_wyndham.pdf | Virginia Attorney General | jkouns | <a href='/incidents/show/1315'>1315</a> |
| Records | File Date | Uploaded | Updated |
| Not yet entered | 2008-12-23 | 2009-02-03 | 12 May 19:41 |
| Excerpt | |||
_` .E·.-. A if December 23, 2008 I i The l—loriorable Bob l\/lcDonneII Office of the Attorney General 000 East lvlain Street Richmond, \/A 23219 Dear lvlr. l\-icDonne|l; As you may recali, on... |
|||
Primary Source ID: 1749
| add details to this primary source Description | |||
|---|---|---|---|
|
New York Data Breach Notification : Hacker obtained credit card details through a franchised hotel.
|
|||
| Filename | Source | Researcher | Incident IDs |
| Windham-HotelsResorts-OTHER.pdf | New York State Consumer Protection Board | cwalsh | <a href='/incidents/show/1315'>1315</a> |
| Records | File Date | Uploaded | Updated |
| 8787 | 2008-10-23 | 2009-05-08 | 22 Jul 16:35 |
| Excerpt | |||
O€.ZT~·ZE3-§2®Z‘8 23.2.*1252 _ __ REX/Eé ?:?:?:¥12¥$:¥ · "·':¥:¥:¥:¥:¥:¥:¥:¥ ?§;—'$,':?‘.¥*.`* — WE `4 ···; ` ,i-` P2 . . _< .;- 7 S`x’L"»<'}§.N \$¥.·\Y PAR5I}’ l’;%NY, Nj 87054 FAX NULQBER... |
|||
Primary Source ID: 1964
| add details to this primary source Description | |||
|---|---|---|---|
|
Letter to Wyndham Customer outlining data breach of their personal information via a hacking incident.
|
|||
| Filename | Source | Researcher | Incident IDs |
| FL_wyndham_hotels.pdf | Florida Attorney General | infolock | <a href='/incidents/show/1315'>1315</a> |
| Records | File Date | Uploaded | Updated |
| Not yet entered | 2008-12-01 | 2009-06-23 | 27 Aug 08:09 |
| Excerpt | |||
Piwh i~i9€·TEPf Sinn; FFi@i‘i~i; Phiiiné i·-ICI. : :221 een ITE? ie;. Bei mee i;;:e;r¤~i-·i ie; WYNDHAM Q'; HOTELS me RESORTS December 2008 Tijcjz ‘ gm ireietien Code: Bee- We are writing to inform... |
|||
Primary Source ID: 1836
| add details to this primary source Description | |||
|---|---|---|---|
|
North Carolina Data Breach Notification : Hacked server in data center reveals personal credit card information
|
|||
| Filename | Source | Researcher | Incident IDs |
| 20081015_Wyndham.pdf | North Carolina Department of Justice, Consumer Protection Division | d2d | <a href='/incidents/show/1315'>1315</a> |
| Records | File Date | Uploaded | Updated |
| 5297 | 2008-10-15 | 2009-06-13 | 02 Nov 17:46 |
| Excerpt | |||
1Z1CT—l¢l—.E2@@¤E= E2! SE1 F' - @¢l~‘E1$ T ;,i I North Carolina Security Breach Reporting Form Q Pursuant to the Identity Theft Protection Act of 2005 Name of Business Owning or Licensing Infomation... |
|||
Primary Source ID: 1859
| add details to this primary source Description | |||
|---|---|---|---|
|
North Carolina Data Breach Update : Update to earlier notification to NC consumer protection division.
|
|||
| Filename | Source | Researcher | Incident IDs |
| 20090130_wyndham.pdf | North Carolina Department of Justice, Consumer Protection Division | d2d | <a href='/incidents/show/1315'>1315</a> |
| Records | File Date | Uploaded | Updated |
| Not yet entered | 2009-01-30 | 2009-06-13 | 02 Nov 17:48 |
| Excerpt | |||
.~ , pr ,@ ll i lh/`Y i‘¤l D H .53. M HOTELS AND V R E S O iiz T S January 30, 2009 Consumer Protection Division NC Attorney Generals Office 9001 Mail Service Center Raleigh, NC 27699-9001 To... |
|||
Primary Source ID: 2346
| add details to this primary source Description | |||
|---|---|---|---|
|
New Hampshire breach notification - Wyndham Hotels - updated notification regarding customers names and credit card details were exposed. 201 New Hampshire residents affected.
|
|||
| Filename | Source | Researcher | Incident IDs |
| wyndhamhotel.pdf | New Hampshire Consumer Protection & Antitrust Bureau | kirniki | <a href='/incidents/show/1315'>1315</a> |
| Records | File Date | Uploaded | Updated |
| 201 | 2009-08-21 | 2009-12-06 | 07 Dec 11:06 |
| Excerpt | |||
WYNQHAM HGTELS sti ifi Q E S G Q TS August Ei, 2€Zii>§ The Honorehte ttetiy A. Ayotte, Attorney Generai Griioe oi the Attorney Genersi 33 Cepitoi Street Concord, tiiiri @3301 ileer Attorney Generei A... |
|||
Primary Source ID: 2374
| add details to this primary source Description | |||
|---|---|---|---|
|
Maine breach notification - Wyndham Hotels & Resorts - hacked server exposes customers credit card numbers including track 1 and 2. hack was caused by malware 337 Maine residents affected
|
|||
| Filename | Source | Researcher | Incident IDs |
| 20090821_wyndham_hotels_ME.pdf | Maine Attorney General | d2d | <a href='/incidents/show/1315'>1315</a> |
| Records | File Date | Uploaded | Updated |
| 337 | 2009-08-21 | 2009-12-06 | 10 Dec 20:11 |
| Excerpt | |||
. _ consumes Pnorscrron DlVlSlON RECEIVED ,, wvrror-rAM AUG 2 0 0000 W HOTELS AND RESORTS OFFICE or Arrorirrsv GENERAL August 21, 2009 The Honorable Steven Rowe, Attorney General Ofhce ofthe Attorney... |
|||
Primary Source ID: 2628
| add details to this primary source Description | |||
|---|---|---|---|
|
Massachusetts breach notification: Wyndham Hotels - updated notification regarding customers names and credit card details were exposed. 1,146 MA residents affected.
|
|||
| Filename | Source | Researcher | Incident IDs |
| 20090821-wyndham-hotels-and-resorts-MA.pdf | Massachusetts Attorney General | d2d | <a href='/incidents/show/1315'>1315</a> |
| Records | File Date | Uploaded | Updated |
| 1146 | 2009-08-21 | 2010-04-27 | 12 Aug 23:53 |
| Excerpt | |||
i , ,,, WYNDHAM » · — ‘ . Q] HOTELS AND RESORTS ° i August 21, 2009 . ` The Honorable Martha Coakley ‘ Attorney General, State of Massachusetts - _ One Ashburton Place r Boston, MA 02108 { . - · · De... |
|||
COMMENTS
by Anonymous on 2009-01-02 (over 3 years ago)
Ms Hotchkiss sent me a letter that was identical to the "John doe" letter referenced in the .pdf. Contrary to what Ms Hotchkiss writes in the letter, my credit card company has NOT been notified. Also, when calling the info line, you can get know helpful information like specifically what credit card was compromised (I was able to deduce my CC). Finally, the webiste listed for the equifax service is incorrect.
by Anonymous on 2009-01-05 (over 3 years ago)
I received this letter as well. Seems to me that if they are able to pull my name, they could also have let me know which hotel I stayed at and when, as well as which credit card was compromised. I don't recall staying at a Wyndham so this could be difficult for me to figure out.
by Anonymous on 2009-01-07 (over 3 years ago)
I also received this letter in December. My CC company is NOT notified. My one and the only stay at Wyndham in past 5 years was a stay at a Wyndham resort in Puerto Rico in Nov of 2007.
I cannot get any more specific info from Wyhdham such as the cause of breach, the period being affected, or any other info other than the generic answer same as the letter.
by Anonymous on 2009-01-13 (over 3 years ago)
I also got this letter. I'm not sure I ever stayed at a Wyndham. suspect this is an attempt to get people to register for equifax's service, which is not useful in any way -- it doesn't let you see your score or your report, and tries to get you to upgrade for a fee. Horrible.
by Anonymous on 2009-01-14 (over 3 years ago)
I received this letter in December. I don't recall staying at a Wyndham property, but I'm not really interested in trying to decode when and where I might have stayed there. I am hesitant to give my SS# to the equifax website.
by Anonymous on 2009-01-15 (over 3 years ago)
It's for sure a scam, I got a letter too but I didn't stay in any hotel during September so that alone let's me know. Also, did you check that cheap letter head? I checked it out online and saw the same letter sent to many people as well as a scam sent under the heading of Wyndham Time Share Resorts. Someone really has it in for Wyndham I suppose.
by Anonymous on 2009-01-16 (over 3 years ago)
Short Answer:
- The letter is valid
- Information in the letter (URL, phone #, etc) is valid
Long Answer:
I also received a letter stating that there had been “a data security incident involving your personal information”. In the letter was a promotion code for a year of credit monitoring from Equifax free for a year. I did not feel comfortable with the URL in the letter (www.myservices.equifax.com/3in1alererts) so I called Wyndham directly. The Wyndham representative confirmed that the letter was valid and gave me phone number to call for more details. The phone number the rep gave me was the same one contained in the letter.
I then went directly to Equifax as I still did not feel secure about the URL in the letter. After filling out the required information and verifying my identity, I tried to enter the promotion code given to me in the letter from Wyndham but it did not work.
I called the number, referred to me by both a Wyndham rep and the letter. I asked if she could identify which credit card was at risk, but she said only her supervisor could look up that information and that I should expect a call within one to two days. I also asked about the promotion code for Equifax which did not work, and she said that they would get back to me with a valid code.
I decided to check out the URL provided in the letter (www.myservices.equifax.com/3in1alererts). Once you click on the link to buy the “3 in 1” service it goes to the same URL (one of the parameters is different, however) that you would have gotten if you had started from Equifax.com. Since I had already created an account from Equifax, but did not enter payment information since the promotion code didn’t work, I gave the URL in the letter a try. The site recognized that the user ID I had just setup directly from Equifax.com was in use, so I conclude that the URL in letter is a legitimate Equifax URL.
So, now I’m just waiting to hear back from Wyndham with a valid code for Equifax and details on the credit card which may have been compromised.
Breach Types:
- Disposal Computer | Disposal Document | Disposal Tape | Disposal Drive
- Disposal Mobile | Email | Fax | Fraud Se
- Hack | Lost Computer | Lost Document | Lost Drive
- Lost Laptop | Lost Media | Lost Mobile | Lost Tape
- Missing Document | Missing Laptop | Missing Media | Snail Mail
- Stolen Computer | Stolen Document | Stolen Drive | Stolen Laptop
- Stolen Media | Stolen Mobile | Stolen Tape | Unknown
- Virus | Web |
