Categories: PR Newswire

Drury Hotels Provides Update Regarding Third-Party Service Provider Security Incident

ST. LOUIS, Oct. 1, 2019 /PRNewswire/ — Drury Hotels announced on May 24, 2019 that it was notifying certain guests of a security incident that occurred on the network of a third-party technology service provider.  The incident involved information related to transactions made through some third-party online booking websites.  Despite the service provider’s assurances that the incident only involved transactions sent through the service provider’s network between December 29, 2017 and March 13, 2019, the service provider has now informed Drury Hotels that transactions between December 28, 2017 and June 2, 2019 are involved. 

After the service provider informed Drury Hotels that the time frame of the incident may have changed, Drury Hotels contacted the cybersecurity firm engaged by the service provider to determine what occurred. Drury Hotels received the findings and answers to questions needed to clarify the findings on September 23, 2019.

The service provider is a company used by Drury Hotels (and other hotel companies) to collect reservations made by guests on third-party online booking websites and enter them into its system.  In addition to the individuals that were previously notified, Drury Hotels is notifying those individuals who used third-party online booking websites to make a reservation for Drury Hotels on December 28, 2017 or from March 14, 2019 through June 2, 2019 that their information may have been involved in this incident.  Reservations that were made directly with Drury Hotels (by calling Drury Hotels or using our website or mobile app) were not involved in this incident.

What Happened?
For most hotels, there are two ways to make a reservation – directly with the hotel or indirectly through third-party online booking websites (websites run by other companies that compare rooms and rates at different hotels).  For reservations that are made through online booking websites, many hotels use a technology service provider to collect the reservation data from the online booking company and enter it into the hotel’s property management system. We were notified by the company that provides that service to us and other hotel companies that it was conducting an investigation to determine if there had been unauthorized access to its network.  The service provider reported that it had hired a cybersecurity firm to conduct an investigation.   

What Information Was Involved?
The information in the transaction records that were involved included name, address, payment card number, expiration date, and the card’s external verification code.  Some transaction records also included email addresses.  Specific details regarding the reservation itself were not involved.  Only transaction records from some third-party online booking websites were involved.  And only some, not all, of the transaction records from those third-party online booking sites were involved.

What You Can Do.
We encourage you to closely review your payment card statements for any unauthorized charges.  You should immediately report any such charges to the bank that issued your card.  If reported timely, payment card network rules generally provide that cardholders are not responsible for unauthorized charges. Information about this incident and additional steps you can take can be found on the dedicated website Drury Hotels established regarding this incident – https://ide.myidcare.com/druryhotels.

What We Are Doing.
We regret that this incident occurred and apologize for any inconvenience. Since then Drury Hotels has worked closely with the service provider to get updates on its investigation.  We received a list of the specific transaction records that were involved.  For the transaction records that contained a mailing address, Drury Hotels is mailing letters to those individuals.  For transaction records without an address that contained an email address, Drury Hotels is sending email notifications to those individuals.  And Drury Hotels issued this press release and posted a notification on its website to provide notification to others involved.  If you do not receive a notification letter or email, either your information was not involved in this incident, or the list from the service provider did not contain your mailing address or email address.

Drury Hotels received confirmation from the service provider and the cybersecurity firm it engaged that it has undertaken measures to stop this incident and prevent something like this from happening again.  We will continue to work with the service provider to identify the security enhancements it is implementing.

For More Information.
If you have any questions about this matter, please call (800) 382-6291, Monday to Friday, from 8:00 a.m. to 8:00 p.m., Eastern Time.

About Drury Hotels Company
Drury Hotels Company is a Missouri-based, family-owned and operated hotel system with more than 150 hotels in 25 states.  Drury Hotels’ brands include Drury Inn & Suites®, Drury Plaza Hotel ®, and Pear Tree Inn by Drury®, as well as other hotels in the mid-priced hotel segment.

SOURCE Drury Hotels Company

IR Press

Share
Published by
IR Press

Recent Posts

OCC Announces Enforcement Actions for November 2024

WASHINGTON—The Office of the Comptroller of the Currency (OCC) today released enforcement actions taken against…

1 day ago

Remarks by Secretary of the Treasury Janet L. Yellen on the 30th Anniversary of the Community Development Financial Institution Fund

As Prepared for Delivery Good afternoon. It’s an honor to welcome President Clinton to Treasury today…

2 days ago

Treasury Sanctions Gazprombank and Takes Additional Steps to Curtail Russia’s Use of the International Financial System

Treasury imposes sanctions on dozens of Russian banks, securities registrars, and finance officials; OFAC issues…

2 days ago

Acting Comptroller Testifies on State of the Federal Banking System

WASHINGTON—Acting Comptroller Michael J. Hsu today testified on the state of the federal banking system…

3 days ago

Remarks by Assistant Secretary for International Finance Brent Neiman on the U.S. Cross-Border Payments Agenda

As Prepared for Delivery Thank you very much for the opportunity to be here today, and…

4 days ago