A data breach at hotel management company AMResorts may have exposed payment card data and personal information of people who booked their vacations at the company’s luxury resorts, SC Magazine reported.
According to the company, customers began calling in May 2014 about suspicious payment card activity after making reservations through AMResorts’ website. A forensic investigation turned up no signs of malware, viruses or intrusions, but “the investigation did identify activity in the system that may indicate unauthorized access to the data,” the company said in a December letter to some customers.
That data may include names, addresses, credit card information, telephone numbers, email addresses and possibly dates of birth, the company said. It didn’t say how many customers may have been affected, but all potentially affected individuals have been notified and are being offered a free year of identity protection services.
The company also said an investigation is ongoing and processes have been changed “so that access to credit card information is no longer possible.”
AMResorts and its parent company Apple Leisure Group operate six chains of resorts across Central America and the Caribbean, with vacation properties in Mexico, Costa Rica, Panama, Jamaica, the Dominican Republic, U.S. Virgin Islands and Curacao.