If you used a credit card at the 2009 Romantic Times BookLovers Convention at the Wyndham hotel, check your statement carefully, and I do mean carefully.
Many people are reporting fraudulent use of the cards they used at the Wyndham, including several dozen US based writers, one person from Australia, and, according to other reports, a bookseller in Thailand, who found several thousand dollars of fraudulent charges on their bills. EREC has a post on it, and folks on the RT forums are talking about it as well.
If you notice fraudulent activity on your credit card, immediately call the bank or the card issuer, and file a report. Jo Carol Jones from Romantic Times sent an email that outlines the Wyndham Corporate response via the Wyndham Orlando Resort:
“We have received information back from the Wyndham Corporate office. They have instructed us to advise those who are having credit card issues to contact their specific credit card companies to handle the matter. It is the responsibility of the credit card companies to investigate and handle any issues related to one of their customer’s credit cards.
If you need to contact the Wyndham Corporate office, you can call Wyndham Customer Care at 800-996-3426.
We value your business and regret any inconvenience this may have caused.”
I can’t say that I’m too impressed with the Wyndham response there, seeing as there is a history of credit card theft and hacking as little as a year ago.
This is my second RT, and I can’t even tell you how hard the unseen but tireless RT convention staff works to make this event happen. For the product of their hard work to be damaged by credit card thieves just fucking sucks.
I don’t think anyone blames RT. It’s not their fault that Wyndham cannot ensure that their system is secure.
The upside is…I now know which hotel chain to avoid.
verification word: decided99
(coincidence…?)
Yeah, I’d definitely avoid the Wyndham if for no other reason than that they aren’t making a big issue to find and stop whoever is doing this.
Well, when this happened to me (it was a car dealership, almost ten years ago), it was all through the credit card issuing bank, and I didn’t have to pay anything.
Still, it fed my natural paranoia so I’m extra vigilant and keep credit card vouchers and receipts and check my statements line by line every month.
Later I learned that the different banks had gotten some serious investigation going and that later the cops arrested two people at the dealership.
I had this happen at a Holiday Inn after I cancelled my reservations there. It was one of the front desk clerks. They were arrested, prosecuted and tottled off to jail. I wasn’t the only one they did it too. Seems there was a long history, they just hadn’t caught who it was.
Hope they get the bastard.
It is not the Wyndam’s responsibility to do anything. Period.
It is your responsibility to contact your credit card issuer, as well as the police. What you pay depends upon your contract with your credit card issuer (some old style cards had a $50 liability limit PER CHARGE).
I wouldn’t have a credit card or debit card that made me pay a dime for any fraudulent charges. And neither should you.
It is the police’s responsibility to investigate and pursue charges.
Well – it kind of is the Wyndham’s responsibility to do something – why? Large-volume data loss should be reported, especially if the hackers got CVV codes. Those are the goldmine; they bring the big bucks. CVV codes in a hacker’s hands means that instead of the Wyndham being responsible for the breach, the BANKS will have to eat the loss. Without the CVV codes, the loss goes to the retailer. With the CVV codes, fraudsters are able to create false credit cards that look legit and sell them on the open market.
I haven’t heard word one from any other news or data loss organizations. If I had gotten hacked and had the inconvenience of this? I’d be web-surfing for every DB_loss website I could inform.
Last time Wyndham got hacked (in July, which they noticed in December), I believe Secret Service got involved.
My sincerest heartfelt hugs to those who’ve already been affected.
In my former life, I handled the PR account for Wyndham Hotels and I can tell you that this situation would be a major potential media crisis that would/should be handled swiftly and openly, and with the attention of top managment at the corporate and property level. No, it is not technically their responsibility, but it is a PR nightmare. I am stunned that Wyndham corporate is not offering more of an official response if for no other reason than a #wyndhamfail twitter campaign could impact their bottom line. (A statement, for example, that the issue has been brought to their attention, is being addressed at the highest level of management, investigated thoroughly, and will be stopped immediately.)
Start twittering, folks. This is wrong. If you got burned, tell everyone you know and everyone they know and everyone they know…someone at that property is stealing credit card numbers. If you have a choice to stay anywhere in Orlando, on I-Drive, near Universal, will it be at the place that steals your credit card number? I think not.
I’m confused. Why wouldn’t the Wyndham be responsible for the theft of their guests’ credit card details? If a number of their guests experienced the same problem, it would be logical to assume that the credit card details were dealt with carelessly, and/or a member of the Wyndham staff is responsible. Or am I wrong?
Little off topic but applies to Wyndham Orlando RT. We had our Do Not Disturb tag taken from our door and came back to room as maid was cleaning(which we didn’t want for specific reasons) After I left Florida I realized several of my rings were missing. Some were costume so that didn’t bug me but there were 24kt gold and diamonds(real) so they were quite costly… I called the hotel who stated “Not our responsibilty because your next door neighbor left her sliding glass door open” Dude, first off we never had our connecting door unlocked and we barely knew our next door neighboor who happened to be Lil Gibson author and general sweetie… I contacted her and she even had pain killers stolen from her room. I filed my report with Orlando PD and case is pending but Wyndham Orlando theives working for them. If you didn’t already know that:(
Yes, I know at least a dozen authors who had their credit card numbers stolen. I thought I was safe because I only used my card once, to check in at the Wyndham front desk. I called my card issuer anyway, just to put them on alert, and sure enough – my card company stopped several fraudulent charges attempted on my account. So the problem did stem from the hotel directly, even though they are claiming no responsibility.
Angie: Thanks for the heads up. I used my card at the restaurant. Calling them now.
To clarify: it’s not Wyndhams’ fault, but it is their problem to deal with – a repeat problem I might add – and I have not been impressed with the manner in which they’ve addressed it this time around.
Yes, SB Sarah put it better – it’s (probably*) not Wyndham’s FAULT, but as a general rule, you WANT to help authorities apprehend people involved in hacking and fraud. It’s like one of those gifts that keep on giving.
SarahT: As for why the banks eat the loss, instead of Wyndham, that’s just the rule, based on whether CVV codes (which come from the magnetic strips) are compromised. I think it does kind of suck. However, I’m not fully versed in any exceptions, like collusion etc that banks could use to push the loss back to the retailer…
After I commented, I looked it up, and yes – it is the Secret Service that should be involved, as they handle financial crimes in the US.
*Given the fact that they were JUST hacked, I’d be really, really interested to learn whether they patched their leak sufficiently, hired better folks in their IT dept, etc. One of the unfortunate side-effects of data loss is, once you’ve been hit and go on the list (there are several sites that track DB_loss), you’ll probably be hit again, just to see if you’ve left any vulnerability open. It’s really an interesting area of psychology, hackers vs. loss operators.
Even if you haven’t had any fraudulent charges (yet?), it’s worth calling your card issuer. Mine would probably just issue a new card and cancel the old one preemptively.
And, while I agree that it is the card holder’s responsibility to report any fraud to the appropriate authorities, if Wyndham has any reason to even SUSPECT misconduct on the part of their employees or a flaw in their own security protocols, they should be jumping through their butt trying to fix it and apologizing like mad.
On the Sunday at RT I checked several bags at the front desk after checking out of my room; a pair of shoes went missing. COOL shoes, that I bought in England. I’m not pleased.
And yes, this is the Wyndham’s responsibility; either their system is easily hackable or one or more of their employees is a thief. There’s no excuse for this lackadaisical response.
I’ve found myself staying in a lot of Wyndams lately and had signed up for their Rewards program. I’m canceling it now.
I didn’t go to RT, but I go to other conventions quite often (as do a lot of my friends) and Wyndham is usually our second choice. Actually I think our reservations for the July con we’re attending are at a Wyndham. I better warn my friend now and see if we can find a different hotel or something…the last thing I need is someone grabbing my CC info and making my life miserable.
I just got a call from my credit card company last night—someone in Maryland was trying to buy nearly $500 worth of stuff on my credit card at Walmart. I’m assuming this is related to RT, which I attended, since I never lost my card.
Well both of the cards that I used whilst attending the conference where compromised and 6 other ladies from OZ that attended where also affected!
I wont be staying at a Whyndam resort EVER again!
I’m from Brisbane Australia, in case that last post didn’t make any sense. 🙂