NEW YORK--We recently learned of an incident involving unauthorized access to guest information associated with certain hotel reservations at the Loews Hotels & Co. (Loews Hotels) properties listed below.
This incident occurred on the systems of Sabre Hospitality Solutions (Sabre), a service provider used by Loews Hotels. It did not affect Loews Hotels’ systems. The privacy and protection of our guests’ information is a matter we take very seriously, and we recommend that affected guests review the information in this letter for some steps they can take to protect themselves against potential misuse of their information.
What Happened?
The Sabre SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an investigation, Sabre notified us on June 6, 2017 that an unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some Loews Hotels’ hotel reservations processed through Sabre’s CRS.
The investigation found that the unauthorized party first obtained access to Loews Hotels-related payment card and other reservation information on August 29, 2016. The last access to this information was on March 9, 2017.
What Information Was Involved?
The unauthorized party was able to access payment card information for some hotel reservations at our affected properties, including cardholder name, payment card number, card expiration date, and potentially card security code. In some cases, the unauthorized party also was able to access guest name, email, phone number, address, and other information. Information such as Social Security, passport, and driver’s license number was not accessed.
What We Are Doing
We are working with Sabre to address this issue. We understand that Sabre engaged a leading cybersecurity firm to support its investigation. Sabre indicated that they also notified law enforcement and the payment card brands about this incident.
What You Can Do
We recommend that affected individuals remain vigilant for incidents of fraud and identity theft by regularly reviewing account statements and monitoring free credit reports for any unauthorized activity. If there is any suspicious or unusual activity, affected individuals should report it immediately to their financial institutions, as the major credit card companies have rules that restrict them from requiring payment for fraudulent charges that are reported timely.
In addition, affected individuals may contact the Federal Trade Commission (FTC) or law enforcement authorities, such as their state attorney general, to report incidents of identity theft or to learn about steps to take to protect against identity theft.
For More Information
If you made reservations at any of our properties listed here between August 29, 2016 and March 9, 2017, please see below the FAQ section for more information and steps you can take to protect yourself against potential misuse of your information.
We apologize for any inconvenience caused by this incident. If you have any questions regarding this issue or if you desire further information or assistance, please do not hesitate to contact us at:.
800-799-8944, Monday through Friday, 24 hours a day, except holidays.
1-503-597-7661, Monday through Friday, 24 hours a day, except U.S. holidays.
Sincerely,
John Cottrill
Chief Operating Officer
Loews Hotels & Co.: Website FAQs
I. Questions About the Incident
1. What happened?
Loews Hotels was informed on June 6, 2017 by Sabre Hospitality Solutions (Sabre), a third-party service provider used by Loews Hotels to facilitate the booking of hotel reservations, that there was an incident on their system involving unauthorized access to guest information associated with certain reservations made at some Loews Hotels properties. The incident did not affect Loews Hotels’ systems. Loews Hotels understands that Sabre has engaged a leading cybersecurity firm to support its investigation and has notified law enforcement and the payment card brands about this incident.
2. What information was affected by this issue?
The unauthorized party was able to access payment card information for some hotel reservations at certain Loews Hotels properties, including cardholder name, payment card number, card expiration date, and potentially card security code. In some cases, the unauthorized party also was able to access guest name, email, phone number, address, and other information. Information such as Social Security, passport, and driver’s license number was not accessed.
The investigation found that the unauthorized party first obtained access to Loews Hotels-related payment card and other reservation information on August 29, 2016. The last access to this information by the unauthorized party was on March 9, 2017.
3. Which Loews Hotels properties were affected?
Please see below the affected Loews Hotels properties from August 29, 2016 - March 9, 2017.
- Beach House Suites by The Don CeSar
- Hotel 1000
- Loews Annapolis Hotel
- Loews Atlanta Hotel
- Loews Boston Hotel
- Loews Chicago Hotel
- Loews Chicago O'Hare Hotel
- Loews Coronado Bay Resort
- Loews Don CeSar Hotel
- Loews Hollywood Hotel
- Loews Hotel Vogue
- Loews Madison Hotel
- Loews Miami Beach Hotel
- Loews Minneapolis Hotel
- Loews New Orleans Hotel
- Loews Philadelphia Hotel
- Loews Regency New York Hotel
- Loews Regency San Francisco Hotel
- Loews Santa Monica Hotel
- Loews Vanderbilt Hotel
- Loews Ventana Canyon Resort
4. How did Loews Hotels become aware of the incident?
Sabre notified Loews Hotels on June 6, 2017 that an unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some of Loews Hotels’ hotel reservations processed through Sabre’s central reservations system.
5. Were Loews Hotels’ systems affected?
This issue did not affect Loews Hotels’ systems. The issue resulted from unauthorized access to information processed on the systems of Sabre Hospitality Solutions, a third-party service provider used by Loews Hotels to facilitate the booking of hotel reservations.
6. When did the unauthorized party access payment card information?
Sabre’s investigation found that the unauthorized party first obtained access to Loews Hotels-related payment card and other reservation information on August 29, 2016. The last access to this information by the unauthorized party was on March 9, 2017.
The above is a news release written by a third party. While HNN’s editorial mission is to produce unique content, it occasionally publishes timely, newsworthy news releases to complement in-house reporting efforts. All news releases are clearly marked as such. For questions and clarification, please contact Editor-in-Chief Stephanie Ricca at sricca@hotelnewsnow.com.