Silent Attacks in Pasadena: The Westin Pasadena’s Reported Data Breach and How to Make Your Digital Life Safer

The Westin Pasadena’s parent company announced August 12 that people who used credit cards at food and beverage outlets there between March 3 and May 18, 2016 may have had their credit card information stolen after “an extensive forensic investigation” revealed malicious software on the hotel’s payment processing systems.

What reportedly occurred at the Westin Pasadena — which jeopardized “name, payment card account number, card expiration date, and verification code” data — is far more common than many people who use credit cards realize.

In fact, the risks local businesses and credit card users alike face from vicious silent attacks like this are serious and constant, two experts from major national computer security firms based in Pasadena said late last week.

“There’s two types of companies: those that have been breached and those that don’t know it yet,” said Jonathan Nidenagel, CEO and founder of Pasadena-based Datumsec, a company that specializes in third party risks assessment solutions.

The hackers may have collected names, payment card account numbers, card expiration dates and verification codes, in which patrons who used credit cards at any “Point of Sale” (POS) locations at the hotel are the ones subject to the data hacking, according to company officials.

“They’re either looking to make a quick buck or they’re gathering information that they don’t need now, but may need at some point in the future,” explained Nidenagel. “You can get $20-$35 per valid credit card on the dark side of the internet.”

According to Nidenagel, the two main motives for cyber hacking are monetary benefits and also more long term game plans like blackmail, total identity theft and building information databases.

“We know that what hackers are after are things that they can exploit for a profit or to damage the reputation of the organization they are hacking,” said Guidance Software Senior Vice President Michael Harris, whose Pasadena-headquartered company offers forensic security for primarily fortune 500 companies and the federal government.

It happens everywhere around the globe in the depths of the web where digital criminals are invading spaces at every opening they can find—something that is very easy for a capable hacker.

“Some of these hackers can basically put companies and whole entities out of business,” said Harris.

Large companies like Disney have approximately 27,000 third-party vendors that are vulnerable to cyber attacks as the vendors are the pathways into the larger breach.

“The chain is only as strong as the weakest links and we are looking for those weak links,” said Nidenagel. Our role is to help those large fortune 1000 companies make sure that their partners, vendors and suppliers are actually secure.”

According to Nidenagel, running an anti-virus and keeping programs and various software updated are effective and simple ways to keep 99% of hackers away from getting into your digital property.

“You should be running some sort of anti-virus. It’s amazing how many people don’t,” said Nidenagel.

Hackers strike at any opportunity possible making phishing, or activity of defrauding an online account holder of financial information by posing as a legitimate company, is a common way many people let them in without even knowing. The emails are usually suspicious in nature with links inside and personalized to some shopping or medical history tailored to the individual, according to Nidenagel.

“The more information they have the easier is to hack you,” said Harris about hackers showing attend in obtaining medical records to phish people via fake emails.

“Phishing emails bypass your security prevention systems,” said Harris.

Companies like Guidance Software and Datumsec aim to alleviate the worry and stop cyber attacks from taking what’s not theirs, but the best rule of advice from the experts is to be sure to run some sort of anti-virus software and also update your personal computer on a regular basis.

For its part, the Westin Pasadena’s parent company, REI Holdings, apologized and said in its August 12 announcement that anyone who suspects their credit card account might have been affected at their hotel to call them toll-free at 888-849-1113 between 9:00 a.m. and 9:00 p.m. Eastern time, Monday through Friday.