Category Archives: Crime

Hospitality Industry Computer Data Risks: New Orleans Hotels Investigation Finds "Pubic Business Center" Computers Retain "Sensitive Information" In Temporary And Recycle Bin Folders

“…the Louisiana Technology Council says …many hotels make little or no attempt to protect your private information on their public PCs…in business centers…”

“That information will live on that computer until such time that it’s deleted,” said Lewis. “You and I both know that it’s really never deleted. It can be recovered and if someone comes in with software, they may be able to get that data off the PC.”

Eyewitness News sent an intern into about a dozen New Orleans area hotels to search for documents and other information left on public computers after the user logged off. Among the things we found: invoices; insurance papers; tickets to a show at the Lakefront Arena; a certificate from the Texas Department of Insurance and even someone’s monthly pay statement.

Most of the documents contained people’s names, addresses and other sensitive information about the user. “I was amazed that you were able to print out some very confidential and private information from a business center location,” said Lewis.

“If somebody wants to open up a new credit card and in this day and age of identity theft, having that kind of information out there is real frightening,” said attorney Daren Sarphie.

He says in March, the client got a disturbing phone call from a guest at the International House Hotel in downtown New Orleans. The guest told him all of the his private information, including Social Security number, birth date, home address and phone number was contained on a document stored on the hotel computer for all to see.

“The person that accessed, that found this file had just gone to hotel to book plane reservations to go back home to Dallas and in the process, he’s just playing around on the computer and he accessed this directory and is able to pull up all kinds of stuff, said Sarphie.

“You’d think that the hotels at least would have a system in place that they would erase the hard drive on a weekly basis or a daily basis to make sure there are no temporary files saved on that computer,” said Sarphie.

The information we found was easy to access on the computers. Most of it was stored in the PC’s temporary Internet files, saved in the documents folder or waiting to be deleted in the computer’s recycle bin.

The owner of the International House Hotel says it is his hotel policy to purge the public computer’s desk top of any documents and public files every 24-hours. But, he says it is a public computer and people need to be mindful to log out of personal accounts and delete personal documents before leaving the computer.

For more:  http://www.wwltv.com/news/Keeping-It-Safe-On-Hotel-Computers-121350324.html

Comments Off on Hospitality Industry Computer Data Risks: New Orleans Hotels Investigation Finds "Pubic Business Center" Computers Retain "Sensitive Information" In Temporary And Recycle Bin Folders

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology

Hospitality Industry Guest Payment Risks: Hotel Management Must Confirm Credit Card Payments At Check-In

“…A man is accused of staying at a Midtown hotel for a week and not paying his bill….and has been charged with theft of service…”

“…The owner of La Maison told investigators that Aragon gave her a credit card that was declined…”

 According to court documents, Aragon stayed at the La Maison in Midtown bed and breakfast from March 14 through March 21 and did not pay for his hotel room. The owner of La Maison told investigators that Aragon gave her a credit card that was declined. When the owner questioned Aragon, he told her that he was having a house built and that the builder would be taking care of the bill. The owner alleges Aragon left the hotel without paying the $1,675 bill.

Investigators say Aragon told them the builder was supposed to pay the bill and that there was some misunderstanding about the bill. Aragon said he had placed a money order in the mail and that the owner should have received it in the mail. The owner told investigators that she never received payment.

For more:  http://abclocal.go.com/ktrk/story?section=news/local&id=8111479

2 Comments

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Theft, Training

Hospitality Industry Information Security Risks: Hotel Management Must "Encrypt All Confidential Guest Data" To Decrease "Public Exposure Of Data"

“…99% of businesses around the globe at present no longer store confidential information on their systems and 75% continuously complied with PCI requirements…”

“…encrypting confidential information will “shrink the card data environment,” thus a minimal to zero possibility of public exposure of these data…”

To prevent fraud, she proposed three ways for the card industry:

  • Widespread distribution of ‘smarter’ payment devices is one, where EVM (chip-and-pin) cards will be used
  • Smarter networks to stem the cyber crime before or when it happens
  • A cardholder authentication method such as two-factor authentication

“Visa’s global fraud rate recently hit a historic low – at just over 5 cents for every $100 transacted, down more than two-thirds from the levels of 20 years ago,” she added.

She urged the card industry to step up a bit more its security measures as most consumers believe cyber criminals are ahead of what’s already in place. According to Richey, 61% of consumers are of the opinion that the security measures of the card industry are one step behind cyber criminals.

Rather than keeping pace with cyber crime which would only exhaust resources, Richey proposed getting smarter as a better solution in combating fraud and protecting card data.

“We need to use all the intelligence we have at our disposal. I think that the opportunities to get smarter and fight fraud are all around us,” she said.

Richey, on the other hand, recognized the fact that these suggestions will be costly and will require tremendous resources.

For more:  http://inaudit.com/audit/it-audit/cyber-crime-vincible-through-smarter-technologies-visa-5856/

Comments Off on Hospitality Industry Information Security Risks: Hotel Management Must "Encrypt All Confidential Guest Data" To Decrease "Public Exposure Of Data"

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Pool Risks: Pennsylvania Hotel "Alcohol-Related" Hot Tub Death Highlights Dangers Of "After-Hours" Usage Of Pool And Hot Tub Rooms

“Management is now considering whether to prevent guests from being able to enter the room after hours…”

“…Hotel guests must use a plastic keycard to unlock a door to access the pool and hot tub room…Rules posted clearly on the door say it is open from 6 a.m. to 11 p.m., and guests use the pool and hot tub “at their own risk,” 

Authorities have identified John Saviello, 42, of Bridgeport, Montgomery County, as the man who died after being found unresponsive in a city hotel hot tub.

Mr. Saviello’s death Wednesday morning was ruled accidental, authorities said. He was pronounced dead at Community Medical Center after being found in a hot tub at the Clarion Hotel on Meadow Avenue.

Mr. Saviello graduated from the University of Scranton in 1992, earning a Bachelor of Science degree in biology, university spokesman Stan M. Zygmunt said.

Why he was staying at the hotel or visiting the area was not clear on Thursday.

Authorities have not yet identified a 45-year-old woman who also was found unresponsive and intoxicated in the hot tub. She was OK after being taken to Community Medical Center, Scranton Police Chief Dan Duffy said.

Lackawanna County Coroner Tim Rowland said after an autopsy that the use of drugs and alcohol might have led to Mr. Saviello’s death, but results of a toxicology report will take several weeks.

In the hotel lobby on Thursday, assistant general manager Mark D’Angelo said the staff will review safety procedures in light of the incident.

“It’s a tragedy,” Mr. D’Angelo said. “We do have to learn from it, if there are any precautions we have to take.”

Hotel guests must use a plastic keycard to unlock a door to access the pool and hot tub room, Mr. D’Angelo said. Rules posted clearly on the door say it is open from 6 a.m. to 11 p.m., and guests use the pool and hot tub “at their own risk,” he said.

Management is now considering whether to prevent guests from being able to enter the room after hours, Mr. D’Angelo said.

Read more: http://thetimes-tribune.com/news/victim-identified-in-hot-tub-drowning-1.1136101#ixzz1KGRJb400

2 Comments

Filed under Crime, Guest Issues, Health, Injuries, Liability, Management And Ownership, Pool And Spa, Risk Management

Hospitality Industry Security Risks: "Extended-Stay" Hotels Can Be "Havens For Crime" Unless Extra Security Measures Are Implemented Including Use Of Off-Duty Police Officers And Criminal Record And Sex Offender Background Checks

Extended-stay hotels make up about 10 percent of the hotel industry, said Joe McInerney, president of the American Hotel and Lodging Association.

“…the list of crimes reported at a Value Place extended-stay hotel included prostitution, drug sales, methamphetimine manufacture, heroin use, drug overdoses, child pornography, theft and a rape.

“…City officials and hotel leaders met April 4 and hashed out an agreement…. The hotel agreed to employ an off-duty Arnold police officer 24 hours a day. The hotel already was checking to make sure potential guests weren’t sex offenders, but will now check for other criminal offenses, as well….”

City officials were fed up and threatened to revoke the hotel’s business license. But a recent agreement to curtail crime at the 124-unit hotel is working, authorities say.

“By word of mouth, one tells the other this is a place where you can set up shop and be unencumbered,” Unrein said. Police had been called to Value Place about 230 times since it opened, Unrein said. That’s more than triple the number of calls to the city’s three other hotels combined, he said.

Problems reached a head this month. The hotel is offering a free hotel room where an Arnold police officer can live and have allowed police dogs to roam the halls this month, said Gina-Lynne Smith, president of Value Place.

The chain has a hotel in St. Charles. Police get more calls for service at that hotel than others in town, but it’s certainly not a nuisance, said Sgt. Todd Wilson of the city’s police department.

The hotels are not popular everywhere. Subdivision residents in Oakand Park, Fla., launched a campaign to keep a Value Place from being built nearby. So far, they have succeeded.

Their guests range from those who can’t afford a lease to professionals away from home for a temporary job assignment or extended training.

Kell Stovall of Memphis, an estimator for a roofing company, said he is spending his third week at the Arnold Value Place. He plans to move to an apartment at the end of the month.

He considered staying elsewhere after hearing about the hotel’s history but opted not to leave because he hasn’t had any problems. He said police officers knock on his truck windows to check on him when he talks on his phone on the hotel’s lot.

For more:  http://www.stltoday.com/news/local/metro/article_76aae994-5d06-5e84-aaf6-5d7f13adc180.html

2 Comments

Filed under Crime, Guest Issues, Management And Ownership, Risk Management, Theft, Training

Hospitality Industry Guest Risks: Hotels From Hawaii to New York Have Employed Radio Frequency Identification (RFID) To Reduce Towel Theft

“…Linen Technology Tracking, a Miami-based company (has)  patented a washable Radio Frequency Identification (RFID) chip for hotels to sew into towels, robes and bed sheets…”

The chip can trigger an alarm if a guest tries to take a tagged item from the premises. The New York Times reports that three hotels in Honolulu, Manhattan and Miami have introduced the system but wish to remain unnamed.

William Serbin, the executive Vice President of Linen Technology Tracking tells the New York Times that high cotton prices led to costlier towels which served as motivation for developing an anti-theft system. He adds that the technology has a double purpose — in addition to catching thieves, it helps hotels monitor linen demand and adjust their supply accordingly.

It’s a successful system. The Honolulu hotel has saved nearly $15,000 since implementing the tags last summer and their monthly towel theft is now less than a quarter of what it was before. Can travelers hope for rapid rate reductions as a result? Probably not, but NewsFeed can dream.

Read more: http://newsfeed.time.com/2011/04/18/want-to-steal-a-hotel-towel-check-for-a-new-tracking-chip-first/#ixzz1JvjQgc7I

Comments Off on Hospitality Industry Guest Risks: Hotels From Hawaii to New York Have Employed Radio Frequency Identification (RFID) To Reduce Towel Theft

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Information Security Risks: Large Email Marketing Services Company To Many Hotels Has Data Breach And Guest Email Accounts Are Stolen

In addition to the banks, other impacted companies included hotel brands Ritz-Carlton Rewards and Marriott Rewards, and retail heavyweights Home Shopping Network, Walgreens, Brookstone, New York & Company and Kroger. TiVo is also included in this list.

“…customers should “exercise extreme caution,” as email addresses are all cyber-criminals need to initiate a phishing attack. Users can expect to see more spam, and should be vigilant about email offers that ask for personal information or have links to other sites that ask for personal information.”

Many of these phishing attacks tend to take the form of security alerts—informing users that their accounts have been compromised and they should verify their log-in credentials to reset their accounts—or direct marketing scams promising special deals that require a credit card number.

Epsilon, a large email marketing services company with a roster of A-list clients, reported a data breach that is impacting practically anyone who has ever signed up to receive a retail offer or alert through its email account. The company warned that thieves may use the information to launch a phishing campaign to trick users into disclosing more critical data.

On March 30, Epsilon detected “an unauthorized entry” into its email system. During this time, a subset of clients’ customer data was exposed. Epsilon only has the information of people who opted-in to receive marketing emails, and the theft was limited to email addresses and customer names, according to the company.

“A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway,” Epsilon said in a terse statement on April 1.

“Epsilon has advised us that the files that were accessed did not include any customer information other than email addresses,” used books retailer AbeBooks wrote in a message to customers on April 3.

For more:  http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Hits-Banks-Retail-Giants-154971/

Comments Off on Hospitality Industry Information Security Risks: Large Email Marketing Services Company To Many Hotels Has Data Breach And Guest Email Accounts Are Stolen

Filed under Crime, Guest Issues, Maintenance, Management And Ownership, Risk Management, Technology

Hospitality Industry Risk Management: "P3 Hospitality Risk Report – Knox Boxes" (Video)

[youtube=http://www.youtube.com/watch?v=KvAGRwo1UPI]

Petra Risk Solutions’ Director of Risk Management, Todd Seiders , offers a P3 Hospitality Risk Report – ‘Knox Boxes’. 

P3 ( Petra Plus Process) is the Risk Management Division of Petra Risk Solutions – America ’s largest independent insurance brokerage devoted exclusively to the hospitality marketplace.

 For more information on Petra and P3 visit petrarisksolutions.com or call 800.466.8951.

Comments Off on Hospitality Industry Risk Management: "P3 Hospitality Risk Report – Knox Boxes" (Video)

Filed under Crime, Guest Issues, Injuries, Insurance, Liability, Management And Ownership, Risk Management

Hospitality Industry Guest Security: Hotel Security Depends On Management Adopting A "Global Security Program"

Effective security and risk management relies on a foundation of principles including critical rapid data flow, standardization of emergency protocols, executive leadership and effective local management, not luck. We can guarantee only that attacks against hotels will happen again. The nature of the hospitality industry offers porous, soft, attractive targets.

The corporate security departments of most major hotel brands are not budgeted to provide the effective layers of detection or deterrence required to minimize this risk. A cautious examination of the major world economies reveals the first early signs of improvement. This presents an opportunity for major brands to offer an enhanced measure of security to their important customer base. We should consider that the safety of business and recreational travel is on the minds of everyone who boards a plane and visits or stays as a guest in your facilities. Comfortably resolving this sense of uneasiness is good business.

There are several critical elements required to create an effective hotel global security program:

•    security risk management software (global command and control);
•    security management standardization by venue;
•    new generation security equipment with software analytics; and
•    training.

Management methods that increase margins and reduce the risk of crime, terror, accidents and incidents, can be summarized by four words: global command and control.

For more:  http://www.hotelnewsnow.com/Articles.aspx/5239/Guest-safety-in-an-unsafe-world

2 Comments

Filed under Crime, Guest Issues, Injuries, Insurance, Liability, Management And Ownership, Privacy, Risk Management, Technology

Hotel Industry Credit Card Security: "Cyber Criminals" Steal Credit Card Data On Hotel Computer Systems That Lack Critical Firewalls

Cyber criminals are systematically attacking systems that store credit card data, including Point-of-Sale and Property Management Systems. The criminal organizations are highly structured and integrated with the world’s organized crime rings.

Detailed forensic analysis by law enforcement agencies and specialized private-sector security practices, as well as by security departments at major hotel groups around the world, leave little doubt that the attacks on hotels are highly targeted and effective.

Many hoteliers believe they are not vulnerable because they use Point-of-Sale and Property Management Systems that have been validated as conforming to the latest PCI security standards. Unfortunately this is far from the case. Even such validated systems can be vulnerable if the hotel operates them in an unsecured manner. Leading forensics firms agree that the most important security measures are those that keep cyber criminals from getting inside the hotel network in the first place. Once inside, there are many ways for them to steal the data, even if the PMS or POS system itself is secure.

  • Eliminate EVERY default password on EVERY machine on your network – server, workstation, router, firewall, and any other device that has a password. The most important machines to check are the ones you think are NOT vulnerable, such as a PC on an engineer’s desk for monitoring building systems, or the PC in the parking garage attendant’s office, or the one in a closet running your keycard system.
  • Eliminate holes in remote access to systems inside your network. Remote access by vendors is an essential part of support for many hotel systems. The data thieves know this, and they know how to use it to get inside your network. They know all the default passwords, and they have even been known to steal master customer lists, complete with current passwords, from vendors.
  • If you were to store stacks of money in plain sight in an exit stairwell, you would expect to be robbed. Operating without an Internet firewall is just as risky. Yet many hotels, especially smaller ones, don’t have a firewall. If you are connected to the Internet without one, then people you don’t know, from around the world and many with malicious intent, are reaching into your network.

For more:  http://www.traveldailynews.com/pages/show_page/42199-Hotel-associations-issue-joint-statement-on-credit-card-security

Comments Off on Hotel Industry Credit Card Security: "Cyber Criminals" Steal Credit Card Data On Hotel Computer Systems That Lack Critical Firewalls

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Theft