Hershey Entertainment and Resorts, the company that owns Hersheypark, is investigating a possible data breach that may have exposed guests’ credit card information.
Commenting on this, Mark Bower, global director at HP Security Voltage, said: “Resorts and hospitality service providers have additional challenges to deal with in respect to payment card security. Card on file transactions are common, meaning card data is often stored longer than typical retailers to maintain customer bookings and for resort service charges after check-in. Feeds from online booking systems often channel card data from various sources and third parties over the internet, creating additional possible points of compromise. Partner booking systems accessing the hotel platforms also present additional risks and malware paths for entry to data processing systems to steal sensitive information. However, resorts and hospitality organisations can avoid the impact of the advanced attacks common in the retail segment. Proven methods are available to neutralise this data from breaches either at card read a the POS in person or via web booking platforms. Leading travel related organisations, airlines, travel booking aggregators have adopted these data-centric security techniques with huge positive benefits: reduced exposure of live data from the reach of advanced malware during an attack, and reduced impact of increasingly aggressive PCI DSS 3.1 compliance enforcement aimed to making data security a “business as usual” matter for any organisation handling card payment data.”