The operator of three San Diego hotels announced Wednesday that a security breach led to unauthorized charges on guests' payments cards, and recommended that guests review their accounts for the affected time period.
Evans Hotels — which owns and operates the Bahia Resort, Catamaran Resort and The Lodge at Torrey Pines — received calls in February from guests who saw unauthorized charges on their payments cards after they were used at the company's hotels.
An investigation determined that hotel computers were infected by malware that could read data on backup card readers, which front-desk clerks sometimes used when large groups were checking in, according to the company.
The information collected by the malware included the cardholder name, account number, expiration date and verification code.
Evans Hotels said the backup card readers were removed from all properties by March 5.
Most cards used by customers were swiped through other readers that encrypt the data and were unaffected, according to the company.
The company said it is unable to identify which guests might have been affected, so it recommends that all guests who used cards at its properties between September of last year and March 5 of this year check their accounts for unauthorized uses.
Anyone who sees charges that they didn't make should call their bank, according to Evans Hotels. The company said credit card companies usually don't hold their customers responsible for fraudulent charges.
Company officials said they're working with a computer security firm to implement further measures to prevent fraud, and that customers can "feel confident" in using payment cards at their hotels.
Further information is available by calling (888) 738-3786 on weekdays between 9 a.m. and 9 p.m. Eastern Time.
