Stayed at Omni Lately? Here’s What You Need to Know About the Data Breach

Please note that I receive compensation for many links on this blog. American Express and other banks are advertising partners of this site. Read my Advertiser Disclosure policy to learn more.

In the latest string of reports of hotels being hit by data breaches and malware, this time it is Omni.

Omni Hotels & Resorts announced yesterday that they’d found malicious software installed via point-of-sale systems (such as restaurants and gift shops) at 49 of their 60 North American hotels.

Information that was stolen –

The hackers stole credit card numbers, cardholder names, expiry dates and security codes. Omni stated that they don’t have any reason to believe that any other information was stolen.

Omni’s notice says that if you didn’t physically hand over your card at a point of sale system, they do not think that your card was affected.

The dates that the malware may have operated are believed to be December 23, 2015 through June 14, 2016 with some locations having shorter periods.

Interestingly, Omni said they discovered the breach May 30 so maybe they didn’t realize the extent of the malware in time to shut it down before mid-June.

What can you do?

Omni is asking guests to review their credit card statements and contact their bank or card issuer if there is something out of the ordinary spotted.

If your credit card was affected –

Omni is offering one year of free identity theft protection to all affected guests, via AllClear Identity Protection. You are encouraged to call them with any questions at 1-855-303-9809 Monday-Saturday between 8am and 8pm CST and you can also go to

Typically once we hear about a hotel chain data breach there isn’t much more said afterwards. In this case though, the Wall Street Journal reported some interesting facts.

According to WSJ, over 50,000 credit/debit card numbers related to the Omni breach have been sold online in criminal forums by a hacker calling himself JokerStash.

The director of cybercrime research at Flashpoint believes that the same methods the criminals used this attack on Omni were also used in the malware breaches that Starwood, Hilton, and Hyatt experienced.

He thinks that JokerStash works with a team of hackers that have developed their own sophisticated malware. I wouldn’t be surprised if the team was involved in all of the recent hotel malware breaches. This is bad news for customers and hotels, and this surely won’t be the last report of hotel point-of-sale credit card data hacking. The upside is that now that the authorities are aware of the possible connection they can take steps to safeguard their systems.

Were you affected by the Omni Hotels data breach? Have you had your credit card details stolen before?

Editorial Note: The opinions expressed here are mine and not provided, reviewed or endorsed by any bank, card issuer, or other company including (but not limited to) American Express unless otherwise stated. Comments made in response to posts are not provided or commissioned, and they have not been reviewed or endorsed by any bank. It is not the responsibility of any advertiser to make sure that questions are answered.
Unauthorized use and/or duplication of the material on this site without express and written permission from this blog’s author and/or owner is strictly prohibited.

Leave a reply

Your email address will not be published. Required fields are marked *