The Brunswick Hotel & Tavern in Brunswick has notified roughly 2,600 former guests that a malicious program found on the hotel’s computer system may have allowed thieves to steal their payment information.

Portland-based Olympia Hotel Management, part of The Olympia Cos., issued letters to former customers on Aug. 28 stating that it had “recently discovered malware on the hotel’s computer systems that may have resulted in unauthorized access to name and payment card information.” The 2,600 guests included about 320 Maine residents, an Olympia official told the Portland Press Herald.

The malware may have been unleashed by an employee unwittingly opening a malicious email attachment, said Olympia Chief Financial Officer Dan Flaherty said.

“We believe it could have been an email phishing scam,” he said.

A copy of the customer letter was posted online Aug. 25 by the Vermont Office of the Attorney General, followed by an article posted Tuesday by SC Magazine, a publication for information technology security professionals.

According to the letter, “it appears that one of the front desk computers at the hotel was infected with sophisticated malware designed to capture and permit remote access to payment card information while avoiding detection by anti-virus software” for a period of nearly eight months beginning Nov. 29. It was discovered and removed on July 21.


Olympia said in the letter that it has retained “a leading cybersecurity and investigations company” to investigate the malware infection and tighten the hotel’s computer security.

The hotel operator said it has not been able to confirm that customer payment information was stolen, nor has it been able to rule out the possibility. It is offering affected guests a year of free credit monitoring service.

Olympia has set up a customer incident line at 877-271-1388 for guests who believe they have been affected.

The hotel operator said a group of three customers contacted the Brunswick Hotel in late June to inquire about fraudulent charges they had discovered shortly after their stay at the hotel. That inquiry led to the investigation that uncovered the malware, it said.

So far, three additional guests have called the incident line, but no further payment card fraud has been confirmed, Flaherty said.


Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.