Newsroom

Omni Hotels & Resorts notified customers last week that its point-of-sale systems was hit by malware between December and June.

The hotel said it learned about the data breach on May 30, according to The Wall Street Journal. The breach affected 49 out of the chain's 60 North American locations.

Cybercrime research company Flashpoint believes that more than 50,000 payment card numbers related to the breach have been sold already on criminal online forums. A similar form of malware attack was responsible for breaches at Hyatt Hotels, Starwood Hotels and Hilton.

Omni would not confirm how many customers were affected, but it said cardholder names, numbers, expiration dates and security codes were stolen.

In related news, cloud service data aggregator Datadog says it was hit by a data breach last week, and has asked its customers to change their login information. Also, a hacker claimed to have breached an Amazon server and then released more than 80,000 usernames and passwords after the company allegedly would not listen to his warnings about its vulnerabilities, according to The Daily Dot.

Also last week, Wendy's admitted that more than 1,000 of its locations were affected by its POS breach, which is believed to have begun in late 2015. Several class actions, including two by credit unions, have also been filed. NAFCU President and CEO Dan Berger called the news "an outrage" and said it is imperative that Congress act to hold retailers to strong national data security standards.

NAFCU continues to push for a strong national data security standard for retailers through the "Data Security Act" (H.R. 2205/S. 961), which would hold retailers to the same standards credit unions already follow under the Gramm-Leach-Bliley Act and institute consumer notification requirements.