Benchmark Discloses Potential Hack Of Payment Processing System

Benchmark, the global hospitality company, warned Friday (Feb. 24) of a payment card incident that might have impacted its customers at the individually owned Santa Barbara Beach & Golf Resort, Doral Arrowwood, Eaglewood Resort & Spa, The Chattanoogan, Willows Lodge and Turtle Bay Resort properties.

In a press release, Benchmark said it was alerted to a potential security incident at one of its managed properties and initiated an investigation at that property. As a result of the inquiry, an unauthorized file was identified which captured payment card information as it is went through its payment processing system. Benchmark said it “immediately” hired a cybersecurity firm to assist with its investigation across all of its properties. Findings from the investigation revealed malware, which searched for cardholder names, payment card account numbers, card expiration dates and verification codes, was installed on certain devices that process payment card transactions at certain Benchmark-managed properties.

Guests who used their cards at one of the affected properties during the affected time frame were told to remain vigilant to the possibility of fraud by reviewing their payment card statements for any unauthorized activity. “Guests should immediately report any unauthorized charges to their card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of the payment card,” Benchmark said in the press release.

The company also said it took measures to contain this incident and eradicate the malware. “Benchmark continues to work with the cybersecurity firm to further strengthen its security measures, including completing the implementation of point-to-point encryption and installation of EMV readers at its properties. Benchmark is also working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring on the affected cards.”