Luxury hospitality company Omni Hotels & Resorts is notifying customers of a data breach that may have compromised their payment card information.
In a statement posted on its website on Friday, the Dallas-based company said it learned of a malware intrusion on May 30, which affected some point-of-sale systems at certain Omni properties.
“… The malware may have operated between December 23, 2015, and June 14, 2015, although most of the systems were affected during a shorter timeframe,” read the notice.
According to a report by the Wall Street Journal, 49 of the hotel chain’s 60 North American locations were affected.
Omni said the malware was capable of compromising customers’ payment card information, including cardholder name, credit/debit card number, security code and expiration date.
“Upon learning of the intrusion, we promptly engaged leading IT investigation and security firms approved by the major credit card companies to determine the facts and contain the intrusion,” added Omni.
The issue has since been resolved, and the company is currently working with law enforcement to support their investigation. Additionally, Omni said it has taken steps to further strengthen its systems.
Nonetheless, cyber criminals have reportedly been using the stolen information in the breach to make fraudulent purchases since late February.
Andrei Barysevich, Director of Cybercrime Research at Flashpoint, worked in collaboration with payment card issuers and payment processors to investigate the intrusion. He told the WSJ that more than 50,000 payment-card numbers related to the breach have been sold on criminal online forums.
Potentially affected customers are advised to remain vigilant, review relevant account statements and monitor credit reports for suspicious activity.
Omni is among several other large hotel chains that have suffered data breaches in the last year, including Trump Hotels and the Hard Rock Las Vegas.