Category Archives: Theft

Hospitality Industry Security Risks: Recent Texas Hotel Room Robberies Linked To "Electronic Lock Hacking"; Thefts Involving Digital Devices Expected To "Explode Nationally"

“…the Houston Hyatt may not be the only site hit with the Onity hack. An alert published by the insurance firm Petra Risk Solutions in October claimed that “several” hotels in Texas have had their locks opened with Brocious’ technique. Todd Seiders, a former Marriott security director who now works as director of risk management at Petra, says he spoke with the general manager of one of those hotels, who knew of at least three Texas hotels affected in total…”

“…hotels with Onity locks need to either shell out for Onity’s circuit board fix or at least block access to their locks’ ports, says Todd Seiders of Petra Risk Solutions–he estimates that more than 80% of his customers have implemented a fix since August, but says that many more hotels around the world may not have been so careful…”

Whoever robbed Janet Wolf’s hotel room did his work discreetly. When Wolf returned to the Hyatt in Houston’s Galleria district last September and found her Toshiba laptop stolen, there was no sign of a forced door or a picked lock. Suspicions about the housekeeping staff were soon ruled out, too—-Wolf says the hotel management used a device to read the memory of the keycard lock and told her that none of the maids’ keys had been used while she was away.

Two days after the break-in, a letter from hotel management confirmed the answer: The room’s lock hadn’t been picked, and hadn’t been opened with any key. Instead, it had been hacked with a digital tool that effortlessly triggered its opening mechanism in seconds. The burglary, one of a string of similar thefts that hit the Hyatt in September, were real-world cases of a theoretical intrusion technique researchers had warned about months earlier—one that may still be effective on hundreds of thousands or millions of locks protecting hotel rooms around the world.

Last month Houston police arrested 27-year-old Matthew Allen Cook and charged him with theft in a September 7th break-in at the Hyatt House Galleria. Police also listed Cook as a suspect in the theft from Wolf’s room four days later and that of another guest at the hotel. Cook, who has a prior history of arrests for thefts and burglary, was identified when an HP laptop stolen from one of the hotel rooms was found in a local pawn shop, where staff helped police to identify him.

For more:  http://www.forbes.com/sites/andygreenberg/2012/11/26/security-flaw-in-common-keycard-locks-exploited-in-string-of-hotel-room-break-ins/?goback=.gde_76056_member_189780979

Comments Off on Hospitality Industry Security Risks: Recent Texas Hotel Room Robberies Linked To "Electronic Lock Hacking"; Thefts Involving Digital Devices Expected To "Explode Nationally"

Filed under Crime, Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Technology, Theft

Hospitality Industry Theft Risks: Hawaii Hotel Store Shoplifter Steals $2,000 Worth Of Merchandise; Surveillance Cameras Record Theft

A shoplifter brazenly stole more than $2,000 worth of merchandise from a small clothing and jewelry shop in a Waikiki hotel. The whole theft was recorded on surveillance cameras, and the video has been posted online in an effort to nab the suspect.

[youtube=http://www.youtube.com/watch?v=L7CoKibjaDo&feature=youtu.be]

The theft happened Nov. 5 at the Angels By The Sea store at the Waikiki Beach Marriott Hotel. The surveillance video clearly shows a woman looking through some of the clothing. She then removes the clothing from its hanger, rolls it up, and casually puts it in a large bag.

The store’s owner said the woman told the sales clerk a story. According to store owner and designer Nina Thai, the woman claimed to be a jewelry designer from Kauai. “‘I make a lot of jewelry, so I want to have time to take a look so leave me alone,'” Thai said the woman told the clerk.

The store usually has two or three clerks on duty, but Thai said the store was short-handed that day, and only had one clerk at the time. And when that lone clerk was busy with a customer, the shoplifter helped herself to the jewelry.

The store’s management said they discovered the theft because the shoplifter had moved a lot of the jewelry from their usual places. “Because we stay in here more than at home,” said Thai. “So we remember every single item.”

And then they saw the surveillance video, and watched as the woman took earrings, necklaces, pendants, leggings and tops. The haul was the by far the biggest theft in the store’s three-year history.

For more:  http://www.hawaiinewsnow.com/story/20124145/shoplifter-ignores-surveillance-cams-video-now-on-youtube

Comments Off on Hospitality Industry Theft Risks: Hawaii Hotel Store Shoplifter Steals $2,000 Worth Of Merchandise; Surveillance Cameras Record Theft

Filed under Crime, Insurance, Maintenance, Management And Ownership, Technology, Theft

Hospitality Industry Security Risks: Major Hotels Increase Review Of Guest Security Processes After Recent Reports On Door Lock Vulnerability

“…An assault on guests or theft of their belongings during a hotel stay can result in a court case…the “reasonable person” test is used to determine the outcome. If hotel owners are made aware of a procedure or item in their property that is not keeping the guest safe, they are required to do what a reasonable person would do under those circumstances. “And if they don’t, they’re negligent…”

Recent media reports scrutinizing the vulnerability of guestroom door locks have brought hotel guest safety issues to the forefront of hoteliers’ minds. As the media and traveling public continue to express their concerns, hotel companies are taking steps to ensure a safe environment for guests.

Marriott International, for example, issued a statement on its website that said the company is in the process of implementing solutions to resolve any issues with door locks that could compromise guest safety.

Reevaluating standards and policies
As hotel management companies and major hotel brands continue to review security processes and implement solutions, there are a few points for hoteliers to keep in mind when it comes to guest safety, according to Fred Del Marva, president of hotel consulting firm Del Marva Corporation.

Guest safety starts at the front desk during the check-in process, Del Marva said. The standard policy throughout the industry is for front-desk employees not to verbally issue guests their room numbers, he said.

For more:  http://www.hotelnewsnow.com/Articles.aspx?ArticleId=9384&par1=z7Vqd2AtHfkNLvAuP25I0Q==&par2=2EAFVJU1Lms7zTjNNV7iNMJVd1wKf1Q9bx5n/Mqpu2K12/66UcXBIn1NuEvyifCh&goback=.gmp_922967.gde_922967_member_186188808

2 Comments

Filed under Crime, Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Theft

Hospitality Industry Crime Risks: Florida Restaurant Thieves Steal Safe Containing $35,000 In Cash; Break In Through Wall In Business Next Door

“The burglars got into the restaurant by breaking into a neighboring business and entering through a wall. Once inside the restaurant, they took the safe and the surveillance system…”

Thieves broke into a restaurant on Flagler Street overnight, stealing a safe that contained $35,000 in cash.
According to NBC 6, thieves broke into El Caribe Cafe at 7173 W Flagler Street sometime between midnight and 4 a.m. Monday morning.

About four months ago, thieves broke into the same restaurant, entering through the roof.

Police are investigating the crime, and doubt one thief acted alone. Miami police spokesperson Kenia Reyes confirmed evidence was left at the scene, but is not disclosing what it is at this time.

For more:  http://blogs.miaminewtimes.com/shortorder/2012/11/thieves_steal_35000_in_restaur.php

Comments Off on Hospitality Industry Crime Risks: Florida Restaurant Thieves Steal Safe Containing $35,000 In Cash; Break In Through Wall In Business Next Door

Filed under Crime, Insurance, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Crime Risks: Tennessee Hotel Rooms Broken Into By "Convicted Burglar" Using "Chiseled Tip Knife" And Keycards Stolen From Cleaning Carts

“…Police said Brown was carrying seven keycards from several hotels as well as knife with a chiseled tip that could be used to defeat locking mechanisms…He told police he had taken the keys from a cleaning cart…”

Police are investigating whether a man who allegedly broke into a hotel room in downtown Nashville had any involvement in ten other similar hotel burglary since January.

Police said the victims were inside their hotel room on the 13th floor of the Renaissance Hotel when 35-year-old Antoun Brown came in and asked where the ice machine was, and then made his way into the bathroom before leaving.

The victims told police they heard someone messing with their door lock before he came inside.

Hotel security apprehended him on the 4th floor and held him until police arrived to take him into custody.

Brown, who is a convicted burglar, was charged with aggravated burglary and possession of a burglary tool.  His bond was set at $13,000.

For more:  http://www.newschannel5.com/story/20040554/man-allegedly-broke-into-downtown-hotel-room

Comments Off on Hospitality Industry Crime Risks: Tennessee Hotel Rooms Broken Into By "Convicted Burglar" Using "Chiseled Tip Knife" And Keycards Stolen From Cleaning Carts

Filed under Crime, Guest Issues, Liability, Maintenance, Risk Management, Theft

Hospitality Industry Legal Risks: "Data Breach Class-Action Lawsuits" Are Increasing As Judges Widen View To Include "Future Damages"; Average Settlements Of $2500 Per Plaintiff

“…Until a couple of years ago, courts would routinely dismiss lawsuits stemming from data breaches, such as the latest in South Carolina, unless the victims could show specific damages. Judges have since widened their view and are awarding class-action status to lawsuits that can show actual damages or a real possibility of future damages…”

The payout for companies on the losing side of a class-action suit can be substantial. A recent survey of data breach litigation found the average settlement award of $2,500 per plaintiff, with mean attorney fees reaching $1.2 million, according to a study by Temple University Beasley School of Law.

How federal courts define the damages people suffer from data breaches is broadening dramatically, leaving unprepared companies at greater risk of big payouts in class-action lawsuits, lawyers from a prominent law firm say.

Jeffrey Vagle, a lawyer with Pepper Hamilton, described as a “sea change” judges’ thinking. “Courts are starting to pick up on the fact that the data that can get out there can cause serious harm, maybe not immediately, but sometime in the near future,” Vagle said.

Examples include a case in which a laptop containing unencrypted personal data of Starbucks employees was stolen. While there was no evidence that the data was misused, the Ninth Circuit Court ruled in 2010 that the risk alone was enough to warrant a lawsuit, Vagle and colleague Sharon Klein said in a Client Alert published on the law firm’s website.

Data breaches have become a fairly common occurrence among companies of all sizes. Last year, 174 million data records were loss in 855 separate incidents, according to a recent report from Verizon. A 2011 Ponemon Institute survey of 583 IT and IT security professionals in the U.S. found that 90 percent of the organizations they represented had suffered at least one data breach.

To lessen potential damages, Pepper Hamilton recommends beefing up technical and physical security wherever possible. While no technology is 100% hacker proof, courts tend to compare what a company has in place to what is considered best practices for businesses of the same size and in the same industry. Taking all reasonable steps to prevent data theft can lessen damages.

Also, information shouldn’t be linked to individuals, unless absolutely necessary, and a notification policy needs to be in place, so people affected by data breaches are warned as quickly as possible.

A bill pending in Congress would set a national standard for data breach notification, replacing the variety of state laws that exist today. Introduced in June, the Data Security and Breach Notification Act would also set maximum damages and define what is considered a breach.

Irrespective of the bill’s fate, companies need to establish clear policies and procedures for handling data breaches when they occur. Klein recommends a dry run to ensure that everyone understands the steps that need to be taken.

“Many companies still believe that it only happens to the other guy,” Klein said. “And because of that, [they] have not done the blocking and tackling and preventative work upfront.”

For more:  http://m.csoonline.com/article/720128/courts-widening-view-of-data-breach-damages-lawyers-say?goback=.gde_922967_member_180838402

Comments Off on Hospitality Industry Legal Risks: "Data Breach Class-Action Lawsuits" Are Increasing As Judges Widen View To Include "Future Damages"; Average Settlements Of $2500 Per Plaintiff

Filed under Claims, Crime, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Security Risks: "Hacking Hotel Locks In Seconds With Cheap Tools" (ABC News Video)

[youtube=http://www.youtube.com/watch?v=6jlkxDikeiI]

Why 100’s of thousands of tourists are vulnerable to theft or worse.

Comments Off on Hospitality Industry Security Risks: "Hacking Hotel Locks In Seconds With Cheap Tools" (ABC News Video)

Filed under Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Security Risk Management: Hotels Face Increased Risk Of "Guestroom Burglaries" From Electronic Door Lock Hacking Devices

By Todd Seiders, CLSD

http://www.petrarisksolutions.com/

As many of you may have heard, the computer “hacking” community has made a small device that can open Onity hotel guestroom door locks. It costs approximately $50 in readily available electronic parts, and the device has been concealed in an iPhone case and a Dry Erase marking pen body (yes, the felt tipped dry erase pen used on whiteboards).

The hacking device plugs into the door locks, and opens the door. It shows up on the lock readout as a “portable programmer” use, but no serial number for the portable programmer is noted.

**We are now experiencing actual guestroom burglaries and guest thefts by use of these devices in Texas. Multiple rooms have been hit at several hotels. An arrest was made in Houston on some of these burglaries, so I hope to have additional info on that very soon.

**I am also receiving reports from hotels in Florida that a similar “hacker” has been seen carrying a laptop computer and using a key card (possibly connected to the laptop) to open guestroom door locks. There have been several guestroom burglaries and actual witnesses who saw the suspect with his laptop, using a key card to access locked guestrooms.

Please TRAIN and notify your hotel staff that these burglaries are spreading across the country. Hotel staff should be vigilant while they are on the guest floors and paying attention to guests walking through hallways. Take time to watch guests walking through your hallways to ensure they are going to a room and entering it. Be very suspicious of someone carrying a laptop or small bag wandering the hallways. Greet guests and ask them if they need assistance. If they appear nervous, or cannot tell you what room they are looking for, escort them to the lobby, or escort them to where a security camera is, so you can get a picture of them. If they leave the hotel, follow them and try and write down a vehicle license plate on their vehicle. Your hotel staff has to be more active on your guest floors when they see people walking around.

Onity locks is not accepting liability for the defect in their hotel locks, and have offered a software fix for the problem. Onity is charging hotels to supply the fix.

I’m sorry to say that this burglary issue will only get bigger as the hackers share their tales and their build your own device details in the future.

I’ll keep you posted on this topic…..

Todd Seiders, CLSD
Director of Risk Management

Email: ToddS@PetraRiskSolutions.com
Phone: (800) 466-8951 ext 207

Direct: (562) 623-0976
Fax: (800) 494-6829
Lic #0817715

 

Comments Off on Hospitality Industry Security Risk Management: Hotels Face Increased Risk Of "Guestroom Burglaries" From Electronic Door Lock Hacking Devices

Filed under Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Risk Management, Theft, Training

Hospitality Industry Information Security Risks: Hotel's Guest's Credit Cards Are Targets For "Identity Thiefs" From "Mulitple Charges" During Stay

“…hotels have lots of employees — and many of them have access to the credit card and other personal information of guests. No matter how well trained and supervised, more personnel correlates to greater risk. The fact that low-level employees typically have access to key guest information, and that there is, historically, a high turnover in hotel employees, exacerbates the problem…”

Hotels are obvious targets for identity and financial theft for many reasons. Hotels transact business through credit cards, and those credit cards are kept on file and can be accessed multiple times during a guest’s stay. The possibility that a credit card charge will be recorded occurs with each night’s room charge, room service, bar or restaurant bill, spa charge, and so on. Every charge is another opportunity for an identity thief to access the information using sophisticated computer hacks and other malicious software, generally without the hotel’s knowledge.

The need to respond to guest demands is another source of insecurity. The Identity Theft Resource Center noted, “The ability to connect to the Internet is an integral part of many individuals daily life. This has led to the increased demand for public WiFi.” As a result, hotels find themselves compelled to offer wireless internet, and that service is almost always unsecured. But an unsecured wireless network is “just as dangerous as leaving files of your most important personal documents on a street curb for all to see. Hackers can easily get into an unsecured wireless network and get financial information, business records or sensitive e-mails.” (PC World, “Got Wireless Security”, http://www.pcworld.com/article/125040/got_wireless_security.html). At the same time, hotels have little say in the matter. Guests demand wireless internet service.

Some security researchers have described a wave of attacks against the hospitality industry. In 2010, the cybersecurity consultant Trustwave found that in 38% of its investigations, hotels and resorts were the victims of successful cyber intrusions, despite those firms only representing 3% of its customers.  Hotels represent a disproportionate number of security breaches.

For more:  http://hotellaw.jmbm.com/2012/10/liability_for_guest_information_.html

2 Comments

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Security Risks: Hotel "Electronic Room Locks" Opened With "Hacking Device" Tool Disguised As "Dry Erase Marker" (Video)

[youtube=http://www.youtube.com/watch?v=QyN-8CeNSZg]

A trio of hackers have built a tool that appears to be an innocent dry erase marker, but when inserted into the port on the bottom of a common form of hotel room keycard lock triggers the lock’s open mechanism in a fraction of a second.

The security researchers who spend their days breaking into clients’ systems to find and fix security vulnerabilities often call themselves “penetration testers,” or “pentesters.” But one group of hotel lock hackers just gave the term “pentest” a very different meaning.

The inconspicuous lock hacking device is an adaption of one demonstrated at the Black Hat security conference in July by Cody Brocious, a hacker and software developer for Mozilla, who discovered and exploited a vulnerability in Onity locks, a cheap and popular hotel room lock that the company says are used on at least four million hotel rooms worldwide. Through the port on the bottom of the lock intended for a device that hotels can use to set master keys, Brocious found he was able to read the lock’s memory, including a decryption key stored on the locks that gave him access to their opening mechanism.

2 Comments

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft