The Atlantis Paradise Island Resort announced that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at food and beverage and retail locations at the resort between November 1, 2016 and April 3, 2017.
In a statement on the hotel’s website, the resort said management began investigating unusual activity after receiving reports from its credit card processor.
The resort said management immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on their computer systems.
On May 10, 2017, the resort confirmed the existence of suspicious files on its computer systems that indicated a potential compromise of customers’ credit and debit card data for some credit and debit cards used at food and beverage and retail locations at the resort.
Howard C. Karawan, president and managing director of Atlantis said, “The resort takes the security of our customers’ information extremely seriously, and we apologize for the inconvenience this incident may have caused our customers.”
Mr. Karawan expanded, “We continue to work with third-party forensic investigators to ensure the security of our systems on behalf of our customers and would like to take this opportunity to remind customers to remain vigilant against fraud by reviewing their financial account statements regularly and reporting any suspicious activity.”
The resort has been working with third-party forensic investigators to determine what happened and what information was affected. The resort has confirmed that malware may have captured data from some credit and debit cards used at food and beverage and retail locations at the resort.
The resort has removed the malware at issue to contain this incident and implemented additional procedures in an effort to prevent any further unauthorized access to customers’ credit and debit card information.
This incident did not affect credit and debit cards used to make or pay for hotel reservations or purchases made by guests who charged their food and beverage or retail purchases back to their room.
Through the ongoing third-party forensic investigations, the resort confirmed that malware may have captured credit and debit card data from some credit and debit cards used at food and beverage and retail locations between November 1, 2016 and April 3, 2017.
The information at risk as a result of this event for credit or debit cards used at the impacted locations includes the card number, expiration date and CVV.
This incident did not involve customers’ social security numbers as this information is never collected by the resort. This incident did not involve customers’ names or PIN numbers, either.
The Bahamas recently ranked 129th on the most recent Global Cybersecurity Index (GCI) published by the International Telecommunications Union (ITU) and Deputy Prime Minister Peter K. Turnquest said the country continues to fall too far behind in this area of safety.
Mr. Turnquest also said the low ranking could negatively affect the financial sector and curb the expansion of the local IT industry.
The index assesses 25 indicators and ranks countries based on commitment to and effectiveness in fighting cyber crime.
The Bahamas received high scores on only two of 25 indicators. Turnquest said The Bahamas ranked too low overall on international reports and that even though these studies can be subjective, they influence perception.
He added that it was “critical” that the government put protocols in place for dealing with cyber crime and that these matters would be addressed soon.