Rosen Hotels and Resorts, Inc. (“Rosen”) operates a number of hotel properties in the Orlando area. Rosen’s subsidiary company, Rosen Millennium, Inc. (“Millennium”) provides IT support to Rosen, including data security.
In early 2016, Rosen learned of a possible data breach involving customer credit card data. A forensic investigation located malware on the company’s payment network, which indicated a third-party had hacked into the system and determined that customer credit cards used between September 2014 and February 2016 may have been compromised. In March 2016, Rosen notified potentially impacted customers of the data breach.