Drury Hotels Informational Website
Notice of Data Breach
Drury Hotels values the relationship we have with our guests and understands the importance of protecting their information. We are providing notification regarding a security incident that occurred on the network of one of our service providers. This notice explains the incident, the measures we have taken in response, and some steps you may consider taking in response.
For most hotels, there are two ways to make a reservation – directly with the hotel or indirectly through third party online booking websites (websites run by other companies that compare rooms and rates at different hotels). For reservations that are made through online booking websites, many hotels use a technology service provider to collect the reservation data from the online booking company and enter it into the hotel’s property management system. On March 26, 2019, we were notified by the company that provides that service to us and other hotel companies that it was conducting an investigation to determine if there had been unauthorized access to its network. The service provider reported that it had hired a cybersecurity firm to conduct an investigation. Since then Drury Hotels has worked closely with the service provider to get updates on its investigation.
The service provider later advised us that the unauthorized access to transaction records related to reservations in its network began on December 29, 2017 and ended on March 13, 2019. We received a list of the specific transaction records that were involved on May 15, 2019.
What Information Was Involved?
The information in the transaction records that were involved included name, payment card number, expiration date, and the card’s external verification code. Some transaction records also included mailing addresses or email addresses. Specific details regarding the reservation itself were not involved. Only transaction records from some third party online booking websites were involved. And only some, not all, of the transaction records from those third party online booking sites were involved.
Reservations that were made directly with Drury Hotels (by calling Drury Hotels or using our website or mobile app) were not involved in this incident.
What You Can Do.
We encourage you to closely review your payment card statements for any unauthorized charges. You should immediately report any such charges to the bank that issued your card. If reported timely, payment card network rules generally provide that cardholders are not responsible for unauthorized charges. Information on additional steps you can take can be found below.
What We Are Doing.
We regret that this incident occurred and apologize for any inconvenience. We have been in frequent communication with the service provider since it notified us of the matter and have received confirmation that it has undertaken measures to prevent something like this from happening again. We will continue to work with the service provider to identify the security enhancements it is implementing.
For More Information.
If you have any questions about this matter, please call (800) 382-6291, Monday to Friday, from 8:00 a.m. to 8:00 p.m., Eastern Time. The call center is also open on Saturday, May 25, from 10 a.m. to 6 p.m., Eastern Time.