Atlantis, Paradise Island Provides Notice of Data Security Incident


 


Paradise Island, Bahamas, July 21, 2017 – Atlantis, Paradise Island (the “Resort”) today announced that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at food and beverage and retail locations at the Resort between November 1, 2016 and April 3, 2017.  We have engaged professionals who have corrected the issue and customers can now safely use their credit and debit cards at the food and beverage and retail locations at the Resort.  This incident did not affect credit and debit cards used to make or pay for hotel reservations or purchases made by guests who charged their food and beverage or retail purchases back to their room.
 
What Happened?  The Resort began investigating unusual activity after receiving reports from its credit card processor.  The Resort immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems.  On May 10, 2017, the Resort confirmed the existence of suspicious files on its computer systems that indicated a potential compromise of customers’ credit and debit card data for some credit and debit cards used at food and beverage and retail locations at the resort. 
 
The Resort has been working with third-party forensic investigators to determine what happened and what information was affected.  The Resort has confirmed that malware may have captured data from some credit and debit cards used at food and beverage and retail locations at the Resort.  The Resort has removed the malware at issue to contain this incident and implemented additional procedures in an effort to prevent any further unauthorized access to customers’ credit and debit card information.  This incident did not affect credit and debit cards used to make or pay for hotel reservations or purchases made by guests who charged their food and beverage or retail purchases back to their room.
 
What Information Was Involved?  Through the ongoing third-party forensic investigations, the Resort confirmed that malware may have captured credit and debit card data from some credit and debit cards used at food and beverage and retail locations between November 1, 2016 and April 3, 2017.  The information at risk as a result of this event for credit or debit cards used at the impacted locations includes the card number, expiration date and CVV.  This incident did not involve customers’ Social Security numbers as this information is never collected by the Resort.  This incident did not involve customers’ names or PIN numbers, either.
 
What We Are Doing.  “The Resort takes the security of our customers’ information extremely seriously, and we apologize for the inconvenience this incident may have caused our customers,” Howard C. Karawan, President and Managing Director of Atlantis, Paradise Island, stated.  Mr. Karawan expanded, “We continue to work with third-party forensic investigators to ensure the security of our systems on behalf of our customers and would like to take this opportunity to remind customers to remain vigilant against fraud by reviewing their financial account statements regularly and reporting any suspicious activity.”
 
For More Information.  Customers can email [email protected] for more information regarding this incident.  Customers can also find information on this incident and what they can do to better protect against fraud and identity theft at www.atlantisbahamas.com.
 
What You Can Do.  The Resort encourages all customers to remain vigilant against identity theft by reviewing their financial account statements regularly and monitoring their credit reports for suspicious activity.  Customers should immediately report any unauthorized charges to their card issuer.  The phone number to call is usually on the back of the credit or debit card.  Under U.S. law, individuals over the age of 18 are entitled to one free credit report annually from each of the three major credit bureaus.  To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  Customers may also contact the three major credit bureaus directly to request a free copy of their credit report.
 
The Resort encourages customers who believe they may be affected by this incident to take additional action to further protect against possible identity theft or other financial loss.  At no charge, customers can have these credit bureaus place a “fraud alert” on their file, alerting creditors to take additional steps to verify their identity prior to granting credit in their name.  Note, however, that because it tells creditors to follow certain procedures to protect the customer, a fraud alert may also delay customers’ ability to obtain credit while the agency verifies their identity.  As soon as one credit bureau confirms a customer’s fraud alert, the others are notified to place fraud alerts on the customer’s file. Should customers wish to place a fraud alert or have any questions regarding their credit reports, they may contact any one of the agencies listed below. 
 
Equifax                                               Experian                                              TransUnion
P.O. Box 105069                                P.O. Box 2002                                     P.O. Box 2000
Atlanta, GA 30348                             Allen, TX 75013                                   Chester, PA 19022
1-800-525-6285                                 1-888-397-3742                                   1-800-680-7289
www.equifax.com                               www.experian.com                              www.transunion.com
 
Customers may also place a security freeze on their credit reports.  A security freeze prohibits a credit reporting agency from releasing any information from a customer’s credit report without the consumer’s written authorization.  However, customers should be aware that placing a security freeze on their credit reports may delay, interfere with or prevent the timely approval of any requests they make for new loans, credit mortgages, employment, housing, or other services.  If a customer has been a victim of identity theft and provides a credit reporting agency with a valid police report, the agency cannot charge the customer to place, lift or remove a security freeze.  In all other cases, a credit reporting agency may charge a fee to place, temporarily lift or permanently remove a security freeze.  Customers will need to place security freezes separately with each of the three major credit bureaus listed above if they wish to place a freeze on all of their credit files.  To find out more about how to place a security freeze, customers can contact the credit reporting agencies using the information below:
 
Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
1-800-685-1111
(NY residents please call
1-800-349-9960)
www.freeze.equifax.com
 
Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com/freeze/center.html


 
TransUnion Fraud Victim Assistance
P.O. Box 2000
Chester, PA 19022
Fraud Division
1-888-909-8872
www.transunion.com/credit-freeze/place-credit-freeze
 
Customers can further educate themselves regarding identity theft, fraud alerts and the steps they can take to protect themselves, by contacting the Federal Trade Commission or their state attorney general.  The Federal Trade Commission can be reached at 600 Pennsylvania Avenue NW, Washington, D.C. 20580, www.ftc.gov/idtheft/, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261.  The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with the Commission.  Customers can obtain further information on how to file such a complaint by way of the contact information listed above.  Customers have the right to file a police report if they ever experience identity theft or fraud.  Please note that in order to file a crime report or incident report with law enforcement for identity theft, customers will likely need to provide some kind of proof that they have been a victim.  Instances of known or suspected identity theft should also be reported to law enforcement.  This notice has not been delayed as a result of a law enforcement investigation.
 
 
 FAQ
 
1. WHAT HAPPENED?
 
A recent data security incident may have compromised the security of payment information of some customers who used credit and debit cards at food and beverage and retail locations on the resort between November 1, 2016 and April 3, 2017.  We have engaged professionals who have corrected the issue and customers can now safely use their credit and debit cards at the food and beverage and retail locations at the Resort.  This incident did not affect any credit and debit cards used to make or pay for hotel reservations or purchases made by guests who charged their food and beverage or retail purchases back to their room.
 
The Resort began investigating unusual activity after receiving reports from its credit card processor.  The Resort immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems.  On May 10, 2017, the Resort confirmed the existence of suspicious files on its computer systems that indicated a potential compromise of customers’ credit and debit card data for some credit and debit cards used at food and beverage and retail locations at the resort. 
 
The Resort has been working with third-party forensic investigators to determine what happened and what information was affected.  The Resort has confirmed that malware may have captured data from some credit and debit cards used at food and beverage and retail locations at the Resort.  The Resort has removed the malware at issue to contain this incident and implemented additional procedures in an effort to prevent any further unauthorized access to customers’ credit and debit card information. 
 
2. WHEN DID THE RESORT DISCOVER THIS INCIDENT?
 
On May 10, 2017, the Resort confirmed the existence of files on its computer systems that indicated a potential compromise of customers’ credit and debit card data for some credit and debit cards used at its food and beverage and retail locations at the resort. 
 
3. WHAT IS THE RESORT DOING IN RESPONSE TO THIS INCIDENT?
 
Since discovering this incident, the Resort has moved forward on a number of fronts. These include:  
4. WHAT INFORMATION IS AT RISK?
 
The information at risk as a result of this event for credit and debit cards used at food and beverage and retail locations includes the card number, expiration date and CVV for cards used between November 1, 2016 and April 3, 2017 at food and beverage and retail locations at the resort.  This incident did not involve customers’ Social Security numbers as this information is never collected by the Resort.  This incident did not involve customers’ names or PIN numbers, either.  This incident did not affect any credit and debit cards used to make or pay for hotel reservations or purchases made by guests who charged their food and beverage or retail purchases back to their room.
 
5. IS IT SAFE FOR CUSTOMERS TO USE THEIR CREDIT CARD/DEBIT CARD AT THE RESORT PARADISE ISLAND?
 
Yes, we have identified the malware involved in this incident and removed it.  Credit and debit cards used at food and beverage and retail locations since April 3, 2017 are not at risk from the malware involved in this incident.  This incident did not affect any credit and debit cards used to make or pay for hotel reservations or purchases made by guests who charged their food and beverage or retail purchases back to their room.
 
6. WHAT SHOULD I DO IN RESPONSE TO THIS INCIDENT?
 
The Resort encourages all customers who may have been impacted to be vigilant in monitoring your credit and debit card statements for any suspicious charges.  If you identify any suspicious charges on your statement, you should immediately report these charges to your card issuer.  The phone number to call is usually on the back of the credit and debit card. 
 
7. WOULD THE RESORT EVER CONTACT ME ASKING FOR MY PERSONAL FINANCIAL INFORMATION?
 
No. The Resort will never ask you to provide personal financial information in an email or by telephone. You should always be suspicious of any unsolicited communications that ask for your personal financial information or refer you to a web page asking for personal financial information.
 
8. WHERE CAN I GET MORE INFORMATION?
 
 Customers can email [email protected] for more information regarding this incident