Category Archives: Crime

Hospitality Industry Information Security: Hotels And Resorts Are Targeted For Cyber Attacks Because Of Faulty "Data Collection Practices"

“…The report said the largest share of cyber attacks — 38% — were aimed at hotels, resorts and tour companies…”

“… large hotel chains are most vulnerable because hotel management companies may not be able to monitor how data is collected and stored at dozens or even hundreds of properties throughout the world. Independent contractors who work for individual hotels can also open the door to hackers and computer viruses…”

A business traveler who books hotel rooms via the Internet, may be at higher risk of being victimized by computer hackers and identity thieves.

Insurance claims for data theft worldwide jumped 56% last year, with a bigger number of those attacks targeting the hospitality industry, according to a new report by Willis Group Holdings, a British insurance firm.

That could spell trouble for business travelers who submit credit card numbers and other personal information to hotel websites, said Laurie Fraser, global markets leisure practice leader for Willis.

For more:  http://www.latimes.com/business/la-fi-travel-briefcase-20110815,0,65581.story

Comments Off on Hospitality Industry Information Security: Hotels And Resorts Are Targeted For Cyber Attacks Because Of Faulty "Data Collection Practices"

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Theft Risks: West Virginia Hotel Foils Flat Panel TV Theft With Electronic Key Audit; Thief Was Guest Who Was Fined $250 For Smoking In Room

“….a West Virginia man was fined $250 for smoking in his room…(the extra charge was added) onto the bill and slipped under the door…(he) was so upset that he retaliated by stealing a $500 flat-screen television from the hotel’s workout room, Palm Beach police said…”

The hotel found its thief by auditing the guest keys used to access the workout room, police said. It then located an object the size of the missing television hidden by a bed sheet in Nelson’s rental vehicle.

But some quick detective work by police and a hotel employee led to Nelson’s arrest Friday on a charge of grand theft. Police took him to the Palm Beach County Jail.

Nelson told detectives he used a penny to unscrew some screws and a tire iron to break a lock that held the television to a wall bracket.

For more:  http://www.palmbeachdailynews.com/news/smoking-fine-spurs-theft-of-hotel-flat-screen-820141.html

4 Comments

Filed under Crime, Guest Issues, Insurance, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Employee Theft Risks: Maryland Hotel And Convention Managers Indicted For Theft In Employee Insurance Scam

“…authorities believe that Mohammad and Rowhani stole about $17,000 from roughly 19 employees who thought the money was being put into an account to pay for insurance…”

A trial date has been set for two Hagerstown Hotel and Convention Center senior managers who prosecutors allege stole about $17,000 from employees during an insurance scam.

Hassan Mohammad, 56, and his wife, Yasamane Rowhani, 47, both of 2142 Cathedral Ave. in Washington, D.C., were indicted by a Washington County grand jury on one count each of theft/scheme over $500 and conspiracy to commit theft/scheme over $500, according to Washington County Circuit Court documents.

For more:  http://articles.herald-mail.com/2011-08-02/news/29844890_1_trial-date-scheme-insurance-scam

 

Comments Off on Hospitality Industry Employee Theft Risks: Maryland Hotel And Convention Managers Indicted For Theft In Employee Insurance Scam

Filed under Crime, Insurance, Labor Issues, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Crime Risks: Major Hotel Operator Improves Staff Training And Procedures After "Gang-Led Child Prostitution Ring" Investigation Results In Indictment Of California Hotel Owner

“…The investigation resulted in an April federal indictment of 38 people, including suspected gang members and the owners of a Wyndham-franchised Travelodge in Oceanside, authorities said…”

Hotel operator Wyndham Worldwide will improve its staff training and procedures after authorities cracked down on gang-led child prostitution rings in California hotels, a probe that drew media and activist attention to the chain, a hotel spokesman said Friday.

Wyndham is expanding its years-long efforts to fight child sex trafficking by reviewing its operating practices in partnership with the nonprofit ECPAT-USA (Ending Child Prostitution and Trafficking), said Michael Valentino, director of communications for Wyndham Worldwide.

Southern California authorities recently completed an 18-month investigation into allegations that three rival Crips gangs collaborated to prostitute girls and women out of California hotels through Internet-arranged meetings.

 A CNN story in June prompted one activist to lead a 14,000-signature online petition drive on Change.org, an activist platform, demanding that Wyndham reform its business policies.

“As long as human trafficking and exploitation continue to be supported by those profiting from this tragic practice, we believe no member of the travel and tourism industry can ever guarantee these events will not occur in the future,” Valentino told CNN in an e-mail Friday.

For more:  http://thecnnfreedomproject.blogs.cnn.com/2011/08/01/hotel-chain-boosts-staff-training-to-fight-child-prostitution/

Comments Off on Hospitality Industry Crime Risks: Major Hotel Operator Improves Staff Training And Procedures After "Gang-Led Child Prostitution Ring" Investigation Results In Indictment Of California Hotel Owner

Filed under Crime, Guest Issues, Labor Issues, Liability, Management And Ownership, Risk Management, Training

Hospitality Industry Liability Risks: Florida Hotel Sued By Victim Of ATV Crash For "Serving Alcoholic Drinks" To Defendent

“…The lawsuit, filed in Miami-Dade County Circuit Court, contends that the Clevelander Hotel regularly allowed on-duty police officers to drink alcohol and hang out at its nightclubs…”
 
A lawsuit filed Thursday claims that a popular South Beach hotel regularly served alcoholic drinks to an on-duty police officer who later crashed his speeding all-terrain vehicle into two people strolling the beach before dawn, seriously injuring both.

The lawsuit filed on behalf of Kitzie Nicanor, 29, seeks unspecified damages from the Clevelander Hotel and Derick Kuilan, who was fired from the Miami Beach Police Department shortly after the July 3 crash. Kuilan, 30, also faces criminal charges in the case.

Nicanor suffered a traumatic brain injury that will likely require years of rehabilitation, said her attorney Frank Toral. Nicanor, a Seattle resident who has a 1-year-old son, remains hospitalized in stable condition. Her parents are caring for her son.

Earlier this week, Miami Beach Police Chief Carlos Noriega said his department was investigating whether on-duty drinking by officers, clearly banned under agency policy, was nevertheless more common than expected.

http://www.newsok.com/atv-crash-lawsuit-names-sobe-hotel-fired-cop/article/feed/280408?custom_click=pod_headline_usnational-news

Comments Off on Hospitality Industry Liability Risks: Florida Hotel Sued By Victim Of ATV Crash For "Serving Alcoholic Drinks" To Defendent

Filed under Crime, Guest Issues, Health, Injuries, Insurance, Liability, Management And Ownership, Risk Management

Hospitality Industry Security Risks: Hotel "Cyber Liability Myths Exposed"

Cyber Liability Myths Exposed

By Brad Durbin – Petra Risk Solutions 

 

In today’s e-commerce society, operating your hotel without cyber liability coverage is like attempting to drive your car blindfolded on a  Southern California  freeway during rush-hour traffic. 

Here are three common myths and misconceptions I’ve heard repeatedly when discussing cyber liability insurance coverage with hotel owners and operators. 

Myth #1 – “I use the online reservation system offered by my franchise.  They’ll cover me if their system is hacked and my guest’s personal information is compromised.”

This is by far the most common misconception among hoteliers about their exposure and responsibility for a data breach. It’s easy to see why.  You are using your franchisor’s reservation system, which is offered as part of your franchise agreement.  Why wouldn’t they cover you if their system is hacked? 

The answer is in your contract.  While some franchise agreements are more favorable in this area than others, most contain special provisions regarding the use of their online reservation systems.  These provisions typically state that the hotel will be responsible for defending the franchisor and holding them harmless, regardless of whether the data breach came from within the online reservation system. 

The exposure is even greater for non-franchised properties using third party reservations system providers or wholesalers.  I have yet to come across a contract for these services that could be viewed as favorable for the hotel in the event that the reservation system is breached. 

 Myth #2 – “If a hotel guest’s credit card information is stolen at the property level, my Payment Card Processing company will cover me under their policy.” 

Most hoteliers erroneously assume that their Payment Card Processing Company (PCP) will have their best interest in mind in the event of a data breach.  I’m not sure why.  No business, regardless of how great or longstanding your relationship with them has been, will volunteer to pay significant attorney costs and consumer notification fees for you unless they are contractually obligated to do so.  Not surprisingly, most PCP contracts are heavily weighted in favor of the PCP provider regardless of where the data was taken from or if the PCP company is to blame.

Your liability is even greater for a data breach that can be traced back to the hotel property level.  If this happens, the Payment Card Industry (PCI) mandates that you conduct a forensic accounting audit of all your records.  These audits can cost $20,000 – $25,000 for a single location, limited service property. This amount does not include fines typical for any non-compliance issues discovered during the audit. 

Myth #3 – “Cyber liability coverage is a waste of money.”

Most states have laws requiring you to notify EVERY GUEST in your database upon discovery of a breach (e.g. California Senate Bill 1386).  Analysts estimate that the average cost for this notification is approximately $30 per record.  Multiply this by the number of records in your system, or the number of guests who have stayed at your hotel over the years, and you can see just how financially devastating these claims can become. 

For a typical limited service franchised property with $2,500,000 – $5,000,000 in annual room revenue, a cyber liability policy with a $1,000,000 limit can usually be obtained for less than $7,000 annually… an extremely fair price point considering the risks and hefty costs associated with a data breach.

Final Thoughts

When a hotel data breach occurs, guests won’t know or care that another company may be responsible.  They will come directly to the hotel for a remedy. The ENTIRE FINANCIAL BURDEN for notification costs, legal defense, and monetary settlement of all related claims may be borne directly by the hotel – if it does not have an appropriate cyber liability insurance policy in force.

To protect your hospitality assets, select and obtain cyber liability coverage that will address PCI fines, consumer notification costs, credit monitoring, and any government or regulatory action levied against your business in the event that a data breach is discovered.  Not all cyber policies include coverage for these areas, so it’s important for you to work with a qualified hospitality insurance broker. 

Securing proper cyber liability insurance coverage is a cost effective method for hoteliers to help mitigate the risks associated with owning and operating a hotel in today’s digital society. 

———————————————————————-

Brad Durbin is a Hospitality Insurance Specialist with Petra Risk Solutions. For questions about Hotel Cyber Liability or any other Hospitality Risk Solutions, contact Brad at bradd@petrarisksolutions.com.

Comments Off on Hospitality Industry Security Risks: Hotel "Cyber Liability Myths Exposed"

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Technology

Hospitality Industry Cybercrime Risks: Hotel Management Must Insure Against "Illegal Use" Of Internet Access By Individuals Engaging In "Online Piracy"

“Small businesses that offer Internet access, such as a coffee shop or a hotel or even a car mechanic with a waiting area, should be aware of the industry’s crackdown on piracy and take steps to ensure their customers aren’t using the service to steal content,”

 “…people don’t want to pirate music from home because they’re afraid of getting caught, so they’ll use the WiFi connection of a (outside business)…”

The National Federation of Independent Business, a non-profit small-business association, issued a warning to Main Street entrepreneurs who offer Internet access to their customers: Take steps now to avoid allegations of online piracy. Record labels, movie studios and other industry groups recently struck a deal where participating Internet providers will issue warnings to customers whose accounts are allegedly used to steal content.

Under the deal, customers whose accounts are allegedly used for piracy will receive at least five alerts from their Internet provider. Upon sending the fifth notice, the Internet provider may implement certain “mitigation measures” to stop the alleged piracy, including reducing Internet speeds or redirecting traffic to a special landing page until the customer contacts the Internet provider to discuss the issue.

“Internet service providers wouldn’t have to pull the plug on a customer after the sixth notice, but that’s a possibility, and that’s where businesses have to watch out,” said Beth Milito, senior executive counsel for the NFIB. “Small businesses rely on their Internet connections the same way they do the telephone. It’s how they communicate with customers and vendors. It’s where they do business.”

  • One easy way to discourage abuse for businesses offering WiFi is to prevent people who aren’t customers from using their Internet connection by requiring a password. “For example, they could print a password on the receipt and change it periodically, to prevent non-customers from using the service,” Milito said.
  • Businesses can also block access to certain Websites and types of Websites, she added. “This requires a little bit of know-how on the part of the small-business owner, and it may accidentally block access to legitimate Websites, but it also can discourage people from using a business’s network to steal content,” she said. “With more and more people carrying smartphones and even tablets, free WiFi can help a small business attract and keep customers, but unless a business owner uses commonsense and takes precautions, those customers could come at a hefty price.”

For more:  http://www.eweek.com/c/a/Midmarket/Security-an-Issue-for-Businesses-Offering-Free-WiFi-253920/

Comments Off on Hospitality Industry Cybercrime Risks: Hotel Management Must Insure Against "Illegal Use" Of Internet Access By Individuals Engaging In "Online Piracy"

Filed under Crime, Insurance, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Guest Credit Card Security: Tips For Securing Hotel Computer Systems Against Credit Card Data Theft (Video)

[youtube=http://www.youtube.com/watch?v=iCmZ9DlrI9o]

Sue Zloth, is a member of the HFTP PCI Compliance Roundtable, provides key tips for securing guests’ credit card data at the 2011 Hospitality Industry Technology Exposition and Conference (HITEC) conference.

  • Change default passwords on all new information systems
  • Do not allow remote access into hotel computer systems
  • Minimize areas where credit card data is stored

Comments Off on Hospitality Industry Guest Credit Card Security: Tips For Securing Hotel Computer Systems Against Credit Card Data Theft (Video)

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology, Theft, Training

Hospitality Industry Information Security Risks: Hotel Computer Systems Are Increasingly "Breached" Through "Privileged Users" Who Have Total Access To Sensitive Data

“..security breaches are still happening at an even more significant pace with more damaging results.  In the end, many of these advanced intrusions and data security breaches are focused on taking over access to the accounts and permissions of specific “privileged” users in an organization who have access to sensitive data…”

“…These privileged users are specifically targeted by outside hackers because they have proverbial keys to the kingdom, but in some cases the inside user themselves is intent on stealing or doing damage…” 

One solution that is emerging to this problem is to carefully monitor everything (e.g. every key stroke and every mouse click) that a privileged user does on the network, while also putting more granular limits on what they can do.  Basically “trust but verify,” with the goal being detecting any anomalies in a privileged user’s computing usage (e.g. why is this person downloading the source code at 3 a.m.?).  This is not uncommon as it relates to other privileged users in other jobs — the “Eye in the Sky” in the casinos in Las Vegas is equally monitoring the gamblers for cheating but is also monitoring the dealers, and at a bank the CCTV is not only looking for robbers but the teller slipping some money in their pocket.

Instructive of the value of this new approach is that immediately after its breach, the RSA division of EMC acquired private company Netwitness for a reported large premium.  Netwitness is known for analyzing user activity monitoring at the network layer.  In addition, the latest security vendor to file for an IPO, Imperva, has as its core solution the ability to monitor database access and usage by Database Administrators, another type of privileged user.

For more:  http://blogs.forbes.com/tomkemp/2011/07/05/as-hacks-proliferate-new-security-technology-emerges-to-monitor-privileged-it-users/

Comments Off on Hospitality Industry Information Security Risks: Hotel Computer Systems Are Increasingly "Breached" Through "Privileged Users" Who Have Total Access To Sensitive Data

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Theft Risks: New York Hotel Has Valuable Painting Stolen From Lobby As "Surveillance System" Identifies Man Walking Out With Covered Object

“…A video surveillance shows a man walking into the swanky building then coming out a short time later with a bag not visible in the first clip”…

An art thief made off with a painting worth a reported $350,000 from the Upper East Side’s posh Carlyle Hotel early Tuesday morning. The Fernand Leger painting, which went missing from the lobby hallway, was on loan from the Helly Nahmad Gallery located inside the hotel’s swanky Madison Avenue building.

“The Carlyle’s security personnel reported the painting missing at 3:30 a.m. to the 19th Precinct as well as the gallery owner,” a hotel spokeswoman said. “A complete investigation is now in process.”

The 1917 ink-on-linen by Leger — a French artist who was part of the Cubism movement — was apparently only 10-inches-by-8-inches. The Madison Avenue landmark, a favorite for presidents and prime ministers, boasts of itself as “a showcase great art, a purveyor of privacy and a sanctuary of luxury and refined taste,” on its website.

Read more: http://www.dnainfo.com/20110629/upper-east-side/art-thief-swipes-fernand-leger-painting-at-carlyle-hotel#ixzz1QmBxtyM0

Comments Off on Hospitality Industry Theft Risks: New York Hotel Has Valuable Painting Stolen From Lobby As "Surveillance System" Identifies Man Walking Out With Covered Object

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Theft