Monthly Archives: March 2011

Hotel Industry Credit Card Security Risks: Major Hotel Industry Associations Issue "Joint Statements" On Actions To Prevent Cyber-Crime

 Three major hotel industry associations, including the American Hotel & Lodging Association (AH&LA), Hotel Technology Next Generation (HTNG), and Hospitality Financial and Technology Professionals (HFTP) today issued the following joint statement to hotels regarding organized cyber crime attacks on credit card data. It identifies actions that hotels — and not their system vendors — need to take immediately in order to minimize their vulnerabilities and to avoid the potential for hundreds of thousands of dollars in costs and fines that typically result when just a single hotel system is breached.

  • Cyber criminals are systematically attacking systems that store credit card data
  • Criminal organizations are highly structured and integrated with the world’s organized crime rings
  • Attacks on hotels are highly targeted and effective
  • Many hoteliers believe they are not vulnerable because they use Point-of-Sale and Property Management Systems that have been validated as conforming to the latest PCI security standards.
  • The most important security measures are those that keep cyber criminals from getting inside the hotel network in the first place
  • Once inside, there are many ways for them to steal the data, even if the PMS or POS system itself is secure.

The three actions are:

  1. Eliminate EVERY default password on EVERY machine on your network — server, workstation, router, firewall, and any other device that has a password.
  2. Eliminate holes in remote access to systems inside your network
  3. Get a firewall and configure it properly. Operating without an Internet firewall is just as risky. Yet many hotels, especially smaller ones, don’t have a firewall

For more:  http://www.hospitalitynet.org/news/154000320/4050609.html

Comments Off on Hotel Industry Credit Card Security Risks: Major Hotel Industry Associations Issue "Joint Statements" On Actions To Prevent Cyber-Crime

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Training

Hotel Industry Employee Risks: New York Hotel Employee Convicted Of Raping Guest And Civil Suit Seeks Damages For "Negligent Hiring, Supervision And Training"

A tourist filed a suit on Monday against a New York hotel where she was raped by an employee.

Her Manhattan federal court suit is seeking unspecified damages from the corporate parent company Surrey Hotel Associates for the allegedly negligent hiring, supervision and training of Jaime Marin Lopez Mendoza.

The victim’s holiday nightmare happened two days after Christmas in 2009. She was attacked at about 3am while sleeping in her room in the Dream Hotel on West 55th Street. He was convicted of first-degree rape in January and received a 15 year prison sentence.

Mendoza struck after helping the stumbling woman and her boyfriend into their room following a night of drinking, the New York Post reports. He ran off when she awoke to find him on top of her.

Manhattan Supreme Court Justice Jill Konviser described the attack as the ‘ultimate example of depravity,’ adding: ‘This crime was not only violent and calculated, but it was a master class in cowardice.’ The victim, who comes from Rhode Island, did not go to the sentencing but wrote a letter which was read out in court.

Read more: http://www.dailymail.co.uk/news/article-1366522/Tourist-sues-New-Yorks-Dream-Hotel-employee-raped-her.html#ixzz1GiAlQ223

2 Comments

Filed under Claims, Crime, Guest Issues, Labor Issues, Management And Ownership, Risk Management

Hotel Industry Flood Damage: Hawaiian Hotels Damaged By Tsunami Would Only Be Covered By Flood Insurance And Commercial Policy "Difference In Conditions" Coverage

Typical property insurance policies written in the United States exclude flood and earthquake damages.

A tsunami is a tidal wave often caused by an earthquake; it is a flood and excluded under most policies. Generally, these perils are only covered by endorsement or special policies.

The normal insurance industry approach to uninsurable hazards has been to exclude them totally. This has left the problem with governments to resolve, and has led to a number of national disaster insurance funds or pools, either completely run by the government as in the case of the U.S. Flood insurance scheme,

Those in vulnerable areas should buy flood and excess flood coverage to insure for tsunami events.  It should be noted that automobile, vehicle, life and health insurance provide coverage for these events. Some mobile home policies and marine forms cover these risks as well. Accordingly, these catastrophes are not completely uninsured when they occur in the United States.

For more:  http://www.propertyinsurancecoveragelaw.com/2011/03/articles/insurance/insurance-coverage-for-tsunami-floods-and-earthquakes/

Comments Off on Hotel Industry Flood Damage: Hawaiian Hotels Damaged By Tsunami Would Only Be Covered By Flood Insurance And Commercial Policy "Difference In Conditions" Coverage

Filed under Flood Insurance, Insurance, Liability, Maintenance, Risk Management

Hotel Industry Health Risks: New York Hotel Guests Are Evacuated After Exposure And Sickness Due To "Carbon Monixide" Coming From Heating Unit On Roof

Nine people were taken to a local hospital this morning following exposure to carbon monoxide that led to the evacuation of a West Seneca hotel.

Serafini called for more police and fire personnel, who found high levels of carbon monoxide in the lower levels of the five-story hotel. Authorities said they believe the carbon monoxide may have settled on the lower floors of the building.

Three other guests of the Hampton Inn on Ridge Road reported ill effects from their exposure to carbon monoxide. West Seneca police responded to a call at about 5:30 a.m. today, when the hotel’s front-desk manager told Officer Anthony Serafini that two people on the second floor were requesting a new room. They felt dizzy and faint and told hotel workers they thought fumes in their room were responsible. 70 guests staying there overnight.

National Fuel crews also responded and found the carbon monoxide coming from a heating unit on the hotel’s roof, police said. “I do not believe any of the injuries are going to be life-threatening,” West Seneca Police Lt. David L. Szmania said late this morning of the nine people taken to Millard Fillmore Gates Hospital.

After the problem was corrected, hotel workers ventilated the building, waited for about two hours and then allowed guests to return to their rooms by about 10 a.m., Szmania said.

The lieutenant praised the police midnight shift along with volunteer firefighters from the Seneca Hose, Winchester and Reserve Hose companies. “It could have definitely been worse,” Szmania said, referring to the January 2009 death of 16-year-old West Seneca resident Amanda Hansen from carbon-monoxide poisoning while she was sleeping over at a friend’s house.

For more:  http://www.buffalonews.com/city/communities/west-seneca/article365298.ece

2 Comments

Filed under Guest Issues, Health, Liability, Maintenance, Management And Ownership, Risk Management

Hospitality Industry Security Risks: Hotel Employee "Erroneously" Gives Room Key To Man Who Is Charged With Child Molestation And Assault

Allegedly, the suspect was not a registered guest at the hotel but was staying with a registered guest. He approached a front desk clerk and stated that he did not have his room key and therefore needed a replacement key.

On top of that, the suspect stated to the clerk which room that he was staying in, and … the clerk did not bother to check the suspect’s identfication against the stated room number.

According to KMOV-News, An intoxicated adult male, Daniel T. Hughes, 42, had asked for a room key at the Ritz Carlton Hotel and was not only given the wrong room key, but climbed into bed with a 9-year old child.

The child’s parents were asleep in an ajoined room. At this time. the Clayton Police Department, do not believe that the suspect had any prediposed motives leading up to the assault, however, he was arrested, charged, and being held on bail. The incident occurred early Sunday evening around 4:00 a.m.

For more:  http://www.examiner.com/offender-awareness-in-st-louis/error-judgment-by-ritz-carlton-employee-leads-to-child-molestation

Comments Off on Hospitality Industry Security Risks: Hotel Employee "Erroneously" Gives Room Key To Man Who Is Charged With Child Molestation And Assault

Filed under Crime, Guest Issues, Labor Issues, Management And Ownership, Risk Management, Training

Hospitality Industry Information Security Risks: "Electronic Pickpocketing" Allows Criminals To Steal Credit And Debit Cards Containing RFID Technology

“…criminals can steal credit cards, debit cards, passports and other valuable information…This crime is referred to as “electronic pickpocketing”.  The technology used to perform this type of theft is called radio frequency identification or “RFID”….

Hundreds of millions of credit cards, debit cards and all passports issued since 2006 are embedded with a radio frequency identification chip—or RFID.  RFID chips are also commonly used in hotel keys, cards that raise gates in parking garages and unlock doors at businesses.  Government, military and port of entry ID cards are also vulnerable to this type of theft.  You need only swipe the card in front of a reader.  The RFID chip is always on, making consumers more susceptible to identity theft. 

Thieves can steal this information by using a frequency reader.  These readers are inexpensive and easy to obtain.  The thief can simply walk next to you and acquire your credit card number and expiration date without any physical contact. While these cards are in your wallet or purse they can transmit your card or passport number and in some states, your digital drivers’ license information when placed near a reader.  The information almost immediately appears on a computer screen without you ever knowing about it.  Apparently U.S. passports are more difficult to read than cards with RFID chips because they require a password.  However, hackers with enough knowledge can see everything on the passport’s front page.   A thief can be long gone before the consumer ever realizes his information has been stolen.  This is “electronic pickpocketing”.

For more: http://www.ktnv.com/story/14225766/consumers-beware-of-electronic-pickpocketing

Comments Off on Hospitality Industry Information Security Risks: "Electronic Pickpocketing" Allows Criminals To Steal Credit And Debit Cards Containing RFID Technology

Filed under Crime, Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Risk Management, Theft

Hospitality Industry Guest Parking Risks: Keys Stolen From "Unattended" Valet Box At Atlanta Restaurant Result In 2 Stolen Cars And Personal Property

 Several sets of car’s keys were taken from an unlocked and unattended valet box near the trendy diner. Another car owner had his 2010 Audi stolen.

The owner of the valet company, Pro Park, said his insurance will cover costs of the stolen cars and replacing all the victims’ keys. 

  ‘It’s pretty brazen to go after them in the view of everyone.’

At a restaurant in Atlanta where a thief took car keys from an unlocked valet box and drove off with a Mercedes which had the ashes of the owner's dead father inside

 

A thief drove off with a car which had the ashes of the owner’s dead father inside the vehicle. Michael Doane’s father died the week before in a car accident and he had planned on scattering the ashes the next day with his family.

The 45-year-old’s Mercedes was parked right in front of  Murphy’s Restaurant in Atlanta’s Virginia Highland area when the cheeky thief struck. Madison Burnett told WSB-TV: ‘It’s pretty brazen to go after them in the view of everyone.’

Restaurant owner Tom Murphy said: ‘This is a tragic situation where a valet company who we subcontracted made a horrific mistake.

‘It is just heartbreaking that this occurred and our prayers go out to this family.  Hopefully the media recognition will greatly assist on the car being found as soon as possible.’

Read more: http://www.dailymail.co.uk/news/article-1359936/Thief-drives-ashes-car-owners-dead-father.html#ixzz1G70BlETl

Comments Off on Hospitality Industry Guest Parking Risks: Keys Stolen From "Unattended" Valet Box At Atlanta Restaurant Result In 2 Stolen Cars And Personal Property

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Information Technology (IT) Risks: "Network Security and Privacy Liability" Insurance Is Available To Protect First-Party Risks And Third-Party Liability Involved In Cyber-Crime

“…Network Security and Privacy Liability policies are generally designed to address first-party risks and third-party liability–sometimes in the same policies, sometimes separately…”

“…first-party losses. These might include business interruption, which could be caused by a flood or fire in a data center, or malicious hacking by a disgruntled employee or even a cyber-crook half a world away...”

There is also the risk of being sued by third parties for somehow allowing–or failing to prevent–unauthorized access to sensitive information.

When IT goes down, business screeches to a halt. Indeed, for businesses such as online retailers, brokerages and some financial firms, the IT and data assets are the entire business–every bit as critical as the factory and warehouse are to the hard-goods manufacturer, or the vehicle fleet to a trucking company.

As more and more companies–and their insurers–are realizing, this reliance on IT creates a hornet’s nest of risks that can result in crippling losses that conventional, turn-of-the-century P&C insurance coverages won’t respond to. These new issues call for a new category of coverage.

Perhaps even more ominous are the all-new liability exposures inherent in IT operations. A raft of relatively new regulations and legislation makes companies responsible for safeguarding personal and confidential data they collect as part of everyday e-commerce operations.

Companies are liable for customer credit card numbers, financial transactions, medical history, credit information and other sensitive data.

For more:  http://www.propertycasualty360.com/2010/03/15/cyber-coverage-the-new-must-have-in-the-property#

Comments Off on Hospitality Industry Information Technology (IT) Risks: "Network Security and Privacy Liability" Insurance Is Available To Protect First-Party Risks And Third-Party Liability Involved In Cyber-Crime

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology

Hospitality Industry Fire Risks: West Virginia Hotel Fire Kills One Guest As Lack Of Sprinkler System, High Winds And Downed Power Lines Thwart Fire Fighters

“…the hotel is about 50 years old and does not have a sprinkler system. The fire, coupled with 30 to 40 mile-per-hour winds, knocked down nearby power lines, forcing the rescue crews back…”

“…The broken live wires forced rescue crews to wait for the power company to arrive at the scene and disconnect the power…”

One person was found dead Saturday morning at the site of a fire that burned a Logan County motel to the ground the day before. The Logan Motor Lodge on Rt. 10 caught fire at about 11:30 p.m. Friday night, Logan firefighter Chris Hatfield said. Firefighters spent about 10 hours battling the blaze, during which one person was reported missing.

It’s not clear whether the body found Saturday morning was that of the missing person. Authorities have not released the name of the person.

Forty of the hotel’s 45 rooms were occupied at the time of the fire, Hatfield said. No other injuries were reported.

“We had a lot of difficulty as far as the high winds were concerned,” Hatfield said.

For more:  http://wvgazette.com/News/201103060427

Comments Off on Hospitality Industry Fire Risks: West Virginia Hotel Fire Kills One Guest As Lack Of Sprinkler System, High Winds And Downed Power Lines Thwart Fire Fighters

Filed under Fire, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Training

Hospitality Industry Employee Risks: Recession Causing More Laid-Off Workers To File "Wage-And-Hour" Claims Which Is Covered Under "Employment Practices Liability" Insurance

“…industry experts say they have seen an increase in wage-and-hour claims, which has led some insurers to stop writing such defense coverage, which most typically is provided for as a sublimit under employment practices liability insurance policies…”

Laid-off workers can, for example, allege that they were not paid for all hours worked, misclassified or not properly paid overtime, experts say.

As layoffs drive wage-and-hour claims, middle-market employers may find defense coverage more difficult to find and more costly when they do, particularly in California, insurers and brokers say. The market firming for wage-and-hour defense coverage comes after a rise in claims by laid-off workers who allege violations of the Fair Labor Standards Act and other laws, according to brokers and insurers.

“It’s a reflection of how difficult it is for employees to find another job,” said Christian Hamlin, a professional lines producer in the Los Angeles office of wholesaler Burns & Wilcox Ltd.

The U.S. unemployment rate remains high, but has improved from the decade’s peak unemployment rate of 10.1% in October 2009, according to the U.S. Department of Labor’s Bureau of Labor Statistics. In February, the U.S. unemployment rate was 8.9%, a 0.1% decline from January, according to BLS.

At the same time, Coverage remains available as some insurers continue to provide it, said Michael Mahoney, senior vp at Willis Insurance Services of California Inc. in San Francisco.

For more:  http://www.businessinsurance.com/apps/pbcs.dll/article?AID=/20110306/ISSUE01/303069982

Comments Off on Hospitality Industry Employee Risks: Recession Causing More Laid-Off Workers To File "Wage-And-Hour" Claims Which Is Covered Under "Employment Practices Liability" Insurance

Filed under Claims, Employment Practices Liability, Insurance, Labor Issues, Liability, Management And Ownership, Risk Management