Mariposa and Royal Street Café in Deer Valley, Colo, told customers that information about their payment cards may have been stolen after hackers hacked into the resort operator ‘s point-of-sale system, which runs both restaurants.
Two Deer Valley Resort restaurants discovered on May 17 this year that a hacker had accessed their payment card system from January 10-28. Received the names of cardholders, payment card numbers, expiration dates and internal verification codes were read from the magnetic bands of their payment cards. According to Deer Valley Resort:
Visitors to The Mariposa and Royal Street Café restaurants at Deer Valley Resort reported a payment card security issue that was identified and addressed.
On May 17, 2019, a virus was detected in the system, processing payments made at The Mariposa and Royal Street Café restaurants. Immediate measures had been taken to ensure the security of the system and an investigation had been initiated. Trading networks and police officers were immediately warned. A forensic firm was also engaged to assist in the investigation. The investigation revealed malware work between 10 and 28 January 2019 on systems supporting payment processing systems for The Mariposa and Royal Street Café. The virus is thought to have been designed to search for tracking data (which sometimes has the cardholder ‘s name in addition to the payment card number, expiration date and internal verification code) read from the magnetic band of the payment card as it was routed through point-of-sale devices. There is no indication that additional customer information was affected.
During the investigation, the virus was removed, and restaurants continue to look for ways to improve the security of payment card data. We continue to support the investigation and are working with payment card networks so that banks that issue relevant payment cards can be aware and initiate increased monitoring.
Visitors are encouraged to closely monitor statements on their cards for fraudulent actions. The person must immediately report any fraud to the card issuer, as payment card rules generally provide that cardholders are not responsible for unauthorized payments reported in a timely manner. The phone number for the call can usually be found on the back of the payment card.
We apologize for any inconvenience. If guests have questions regarding this incident, you can call 855-795-3706 Monday through Friday between the hours of 7:00 a.m. and 7:00 p.m. MDT.
Deer Valley Resort said after the virus was discovered, it was removed, beyond cybersecurity and law enforcement were called to help, and banks issuing appropriate payment cards were informed so everyone could initiate enhanced monitoring.
The company did not release how many people may have been affected by the breach.