Category Archives: Theft

by | August 20, 2010 · 5:40 am

Hospitality Industry Cybercrime Risk Management: “Cloud Computing” Providers Will Carry “Cyber Insurance To Mitigate The Risk Of Data Breaches Or Unexpected Downtime”

The manager of a fine hotel would never allow an electrician or plumber to work without being insured; it’s standard fare on service contracts in the physical world. Not so in cloud computing, where provider coverage in the form of cyber insurance is far from a given. This undoubtedly will change as businesses push providers to share the risks of a data breach or unexpected downtime, experts said.

Such large cloud computing providers as Salesforce.com Inc. do carry cyber insurance to mitigate the risk of data breaches or unexpected downtime, but “smaller providers are not carrying insurance and have no plan to [do so] until the larger customers push back and say, ‘You’re in our risk profile now,'” said Drew Bartkiewicz, vice president of technology and new media markets at The Hartford Financial Services Group, a cyber insurance company based in New York.

For the cloud computing model to work, cloud customers, as well as cloud providers, need to share the risk, according to Drue Reeves, director of research for the Burton Group in Midvale, Utah. If a provider were wholly responsible for the data of hundreds or thousands of tenants, it simply wouldn’t be able to buy enough insurance to cover the liability. To protect themselves in this risky situation, cyber insurers generally cap their policies at $10 million or $15 million, forcing providers and large customers to keep shopping, experts said.

For more:  http://searchcio.techtarget.com/news/2240021040/Cyber-insurance-mitigates-the-risk-of-data-breaches-in-cloud-computing

Comments Off on Hospitality Industry Cybercrime Risk Management: “Cloud Computing” Providers Will Carry “Cyber Insurance To Mitigate The Risk Of Data Breaches Or Unexpected Downtime”

Filed under Crime, Insurance, Liability, Theft, Training

Tagged as , ,

by | August 7, 2010 · 6:55 am

Hospitality Industry Data Theft: Hotel Owners Must Prevent Breaches Of Credit Card Processing Systems By “Cyber-Criminals” Who Install “Malicious Programs” To Steal Data

“… remote attackers installed a malicious program into the card processing system of Englewood, Colo.-based hotel chain Destination Hotels & Resorts. Guests at 21 Destination properties may have been subjected to credit card theft…”

“..the Westin Bonaventure Hotel & Suites in Los Angeles disclosed a possible data breach of its POS systems dating back to 2009. Also, between November 2008 and May 2009, the computer systems of some Radisson hotels in the United States and Canada were illegally accessed. And the computer systems of Wyndham Hotels & Resorts were accessed on two separate occasions by cybercriminals who stole customers’ card numbers, expiration dates and other data…”

Cybercriminals last year targeted hotels more than any other industry for credit card theft, according to a recent report by data security company Trustwave. Hotels are being targeted because they have large amounts of credit card data and frequently neglect to implement the most basic security precautions, such as changing default passwords or ensuring programs are up to date, said Nicholas Percoco, senior vice president of Trustwave’s SpiderLabs.

As a result, attackers commonly gain entry into a hotel’s network by exploiting default passwords on point-of-sale (POS) applications, added Dave Ostertag, manager of investigative response at Verizon Business. From there, customized malware is loaded onto the hotel’s transaction server that steals credit card information as a transaction occurs.

In March, the Westin Bonaventure Hotel & Suites in Los Angeles disclosed a possible data breach of its POS systems dating back to 2009. Also, between November 2008 and May 2009, the computer systems of some Radisson hotels in the United States and Canada were illegally accessed. And the computer systems of Wyndham Hotels & Resorts were accessed on two separate occasions by cybercriminals who stole customers’ card numbers, expiration dates and other data.

For more:  http://www.scmagazineus.com/rampant-hotel-data-theft/article/174579/

Comments Off on Hospitality Industry Data Theft: Hotel Owners Must Prevent Breaches Of Credit Card Processing Systems By “Cyber-Criminals” Who Install “Malicious Programs” To Steal Data

Filed under Insurance, Liability, Privacy, Risk Management, Theft

Tagged as , , ,

by | July 18, 2010 · 12:13 pm

Hospitality Industry Cybercrime: Hotels And Restaurants Combine For Over 50% Of All Credit Card Data Theft Because Of Their Dependence On Credit Cards And Focus On Servicing Guests

“…According to a recent study, 38% of all credit card breaches occur in hotels…financial services industry accounts for 19% of breaches… Retailers 14%, and restaurants at 13%…”

Hotels are easy targets because they are all credit card-based. It is possible to reserve a room without providing a credit card number, but they don’t make it easy. And hotels themselves certainly aren’t fortresses designed to keep bad guys out. They’re designed to be open and inviting, with, at best, a bellman whose focus is assisting guests rather than guarding the front door. Maybe that mentality exists in hotels’ IT security departments, too.

The root of the issue is the hotel industry’s insufficient security measures to prevent data breaches. Many rely on older point of sale terminals and outdated operating systems, which are more vulnerable to hackers. When the recession hit, many hotels cut back and decided to hold off on upgrades.

While their defenses were down, hackers slithered into their networks to steal guests’ personal financial data. Once thieves have accessed this data, they can clone cards with the stolen numbers and use them to make unauthorized charges.

For more:   http://www.finextra.com/community/fullblog.aspx?id=4286

Comments Off on Hospitality Industry Cybercrime: Hotels And Restaurants Combine For Over 50% Of All Credit Card Data Theft Because Of Their Dependence On Credit Cards And Focus On Servicing Guests

Filed under Crime, Insurance, Liability, Theft

Tagged as , , , ,

by | July 12, 2010 · 10:48 am

Hospitality Industry “Employee Theft” Risk Management: Hospitality Business Owners Must Amend Employment Manuals To Specifically Prohibit Employee Access To Company Records Once “Employment Ceases”

“…employers should amend their employment manuals to assert that any authorization granted to an employee to access the company’s networks, files or data automatically ceases when the employee has been terminated, tenders a resignation or forms an intent to leave the employer for any reason — irrespective of whether the employer has actually blocked the employee’s access…”

“…employers should make clear in their employment handbooks, manuals and employment agreements that any authorization to access company data is granted only in furtherance of the employer’s business purposes. They should state explicitly that any other access is unauthorized. Such language has been cited by courts in several cases where employer CFAA claims have been allowed…”

“…employers must remain vigilant to retrieve laptop computers from employees immediately after an employee gives notice. They should also immediately change passwords and close remote access upon learning of an employee’s intention to leave the company…”

According to “A Statistical Analysis of Trade Secret Litigation in Federal Courts,” that was recently published in the Gonzaga Law Reform, the number of trade secret cases has grown “exponentially” in recent years. “Most alleged misappropriators are someone the trade secret owner knows,” the authors write. “Specifically, in over 85 percent of cases, the alleged misappropriator was either an employee or business partner.”

Cases of employee-related data theft more than doubled between 2006 and 2008, according to a study conducted by accounting and consulting firm KPMG. Based on its findings, the firm concluded that the number of such incidents is “almost certain” to increase further, especially in a difficult economic environment.

For more:  http://www.hreonline.com/HRE/story.jsp?storyId=475264808

Comments Off on Hospitality Industry “Employee Theft” Risk Management: Hospitality Business Owners Must Amend Employment Manuals To Specifically Prohibit Employee Access To Company Records Once “Employment Ceases”

Filed under Crime, Insurance, Liability, Risk Management, Theft, Uncategorized

Tagged as , , ,

by | July 8, 2010 · 11:46 am

Hotel Information Security Risks: Hotel Management Must Invest In Data Security Systems To Prevent Point-Of-Sale Theft Of Credit Card Data

“Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems.”

A study released this year by SpiderLabs, a part of the data-security consulting company Trustwave, found that 38 percent of the credit card hacking cases last year involved the hotel industry. The sector was well ahead of the financial services industry (19 percent), retailing (14.2 percent), and restaurants and bars (13 percent).

Why hotels? Well, to paraphrase the bank robber Willie Sutton, hackers hit hotels because that is where the richest vein of personal credit card data is. At hotels with inadequate data security, “the greatest amount of credit card information can be obtained using the most simplified methods,” said Anthony C. Roman, a private security investigator with extensive experience in the hotel industry.

“It doesn’t require brilliance on the part of the hacker,” Mr. Roman said. “Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems.”

For more:   http://finance.yahoo.com/news/Credit-Card-Hackers-Visit-nytimes-3300094848.html?x=0

2 Comments

Filed under Crime, Insurance, Risk Management, Theft

Tagged as , ,

by | July 5, 2010 · 10:42 am

Hotel Industry Theft Risks: Thieves Are Targeting “Unlocked” Vehicles Parked In Secure Parking Areas

According to police, the group had entered a secure parking area and stolen items from at least five vehicles. All of the stolen items were recovered, and police are in the process of identifying all of the victims with the assistance of hotel staff, Kravetz said.

Police allegedly found numerous items which appeared to have been stolen, including iPhones, iPods, bicycling equipment, Mercedes Benz entertainment headphones, phone chargers, and exercise equipment with an estimated value of $2,500.

Four men were arrested at 7:45 a.m. today on suspicion of stealing items from unlocked vehicles at the Montage Resort Laguna, Laguna Beach Police Lt. Jason Kravetz said.

For more:   http://articles.coastlinepilot.com/2010-07-02/news/tn-cpt-0702-burglaries-20100702_1_burglaries-items-officers

Comments Off on Hotel Industry Theft Risks: Thieves Are Targeting “Unlocked” Vehicles Parked In Secure Parking Areas

Filed under Crime, Liability, Risk Management, Theft

Tagged as , ,

by | July 4, 2010 · 10:30 am

Future Hotel Liability Issues: 3D Televisions Will Begin To Be More Common In Hotel Rooms But Will Bring Health Risks In Form Of Seizures And Headaches Along With Theft Of Glasses

 “…there have been reported issues with 3-D causing seizures and headaches in certain segments of the population—which could be a liability issue for hotels…”

.. if 3-D becomes commonplace in the home, expect hoteliers to feel the pressure to bring it into the guestroom sooner or later.

“There needs to be content and a way for hotels to collect more for investing in these TVs,” said Anthony Fonzo, senior product marketing manager, Philips Hospitality. “The 3-D television sets are a significant additional investment for the hotelier. There are also a number of questions—will guests pay to watch 3-D, be comfortable wearing glasses and will the glasses stay in the rooms or become another item that is frequently stolen?”

“We don’t believe 3-D will be relevant for the high majority of hotel rooms,” said Rick Albert, VP sales, hospitality, Panasonic. “TVs would have to be completely replaced and we just don’t see 3-D as enough of an incentive for a property to spend the dollars to do another compete renovation. Plus, until the cost of glasses comes down, it is far too cost-prohibitive to keep glasses in rooms and to replace them often.”

For more:   http://www.hotelworldnetwork.com/0710design

Comments Off on Future Hotel Liability Issues: 3D Televisions Will Begin To Be More Common In Hotel Rooms But Will Bring Health Risks In Form Of Seizures And Headaches Along With Theft Of Glasses

Filed under Injuries, Insurance, Liability, Risk Management, Theft

Tagged as , ,

by | June 24, 2010 · 11:39 am

Hotel Internet And Cybercrime Risks: Texas Hotel Management Company Is Targeted By Thieves Who Steal Dozens Of Customer Credit Card Accounts From Accounting System

“…the thieves made off with the credit card information of dozens of customers who ate at various Destination Hotels & Resorts properties, which are located in a total of 15 states…”

The Austin Police Department said thieves hacked intoThe Driskill Hotel management company’s accounting system and stole customer credit card information.

Authorities said they do not yet know exactly how many victims may have been affected, however, locally, police have received about three dozen complaints of fraudulent transactions, averaging $2,000-$3,000 each.

Losses are expected to total hundreds of thousands of dollars.  The United States Secret Service is also investigating.

For more:   http://www.news8austin.com/content/headlines/272023/driskill-hotel-customers-affected-by-credit-card-theft

Comments Off on Hotel Internet And Cybercrime Risks: Texas Hotel Management Company Is Targeted By Thieves Who Steal Dozens Of Customer Credit Card Accounts From Accounting System

Filed under Crime, Insurance, Liability, Theft

Tagged as , , ,

by | June 23, 2010 · 7:03 am

Hotel Security Risk Prevention: San Diego Police Initiate Pilot Program Linking Hotel Security And Surveillance Cameras To Police Squad Cars

“…If hotel staff call the police, an officer in a squad car can click the hotel location on a Google map, and immediately see live video from the hotel’s security cameras. Police say this will allow them to see crimes in progress, to see suspects and see which way they’re going when they flee…”

San Diego police have begun a pilot program that gives officers access to security camera video inside their squad cars. Officers see it as the way of the future.

The program is a partnership between San Diego Police Department and the Hotel Indigo, located downtown. If hotel staff call the police, an officer in a squad car can click the hotel location on a Google map, and immediately see live video from the hotel’s security cameras. Police say this will allow them to see crimes in progress, to see suspects and see which way they’re going when they flee. The privacy of hotel patrons was a concern. But Mayor Jerry Sanders said cameras are already a fact of life.

For more:   http://www.kpbs.org/news/2010/jun/02/police-create-web-link-security-cameras/

Comments Off on Hotel Security Risk Prevention: San Diego Police Initiate Pilot Program Linking Hotel Security And Surveillance Cameras To Police Squad Cars

Filed under Crime, Injuries, Liability, Risk Management, Theft

Tagged as , , , , ,

by | June 5, 2010 · 10:15 am

Hotel Industry Personal Property Liability: Hotel Owners Are Strictly Liable For Guest’s Property Subject To State’s Innkeeper Statutes

Hotel owners and managers must remember that under the common law, most jurisdictions and subject to certain limited exceptions, they are strictly liable for loss or damage to a guest’s property, unless that liability has been limited by statute.

Innkeeper statues are a product of local rather than federal law. Each state (and the District of Columbia) is free to enact its own innkeeper statute. For this reason, the first thing the innkeeper must do is check the law in each state in which a hotel is located and clearly understand what that law requires.

In this case (Paraskevaides v. Four Seasons Washington), a hotel guest just happened to be traveling with, and decided to place in her in-room safe, jewelry valued at approximately $1.2 million. When someone removed the jewelry from the in-room safe after entering both the hotel room and the safe without force, the guests sued the hotel. One of the defenses the hotel asserted was based upon the Innkeeper Statute applicable in the District of Columbia.

Although the trial court allowed the defense, the appeals court determined that the hotel was not entitled to the statute’s protection because the hotel had failed to comply with the statute’s requirements. The appeals court then sent the case back to the trial court for a determination of the hotel’s liability under the common law. Noting that neither party had addressed that issue on appeal, the appeals court remained silent as to the applicable common law standards. Accordingly, after several years of litigation, the parties are back to square one and the extent of the hotel’s liability remains wide open.

If an innkeeper fully complies with applicable innkeeper statues, the benefits can be significant. Under the District of Columbia Innkeeper Statute, for example, compliance allows innkeepers to avoid all liability for the loss, theft or destruction of property not deposited in the hotel’s safety deposit boxes unless it is “usual, common or prudent” for a guest to retain such property in his or her room. Moreover, compliance with the statute limits an innkeeper’s liability for the loss, theft or destruction of property deposited in the safety deposit boxes to the lesser of $1,000 or the fair value of the property. In order to reap the benefits of these statutes and limit a guest’s common law rights, a hotel must be precise in its compliance.

The District of Columbia’s version of the innkeeper statute required, among other things, that hotels display either a printed copy of the innkeeper statute or a summary of the law in both the guest rooms and in the public rooms of the hotel. The appeals court in this case concluded that the hotel did not display a copy or summary of the statute in its public rooms, and, therefore, could not rely on the statute to limit its liability.

For more:    http://www.hotelinteractive.com/article.aspx?articleID=1605

Comments Off on Hotel Industry Personal Property Liability: Hotel Owners Are Strictly Liable For Guest’s Property Subject To State’s Innkeeper Statutes

Filed under Crime, Insurance, Liability, Theft

Tagged as , , ,