Update – Monday 11 May 2020
The data breach has been reported to the Office of the Australian Information Commissioner and we have followed their advice. As directed, we have worked to identify all potential guests involved and have sent out a notification by email, text messages, as well as published it on our brand website. The notification (below) highlighted what happened and what information may have been taken. This was actioned on the 5th of May, which is within the 30 days window required by the Office of the Australian Information Commissioner.
This incident has prompted us to urgently review how we collect and archive our registration cards and guests’ information. Hotels have the necessity to keep these records as they can be requested as proof of stay in case of a dispute with third party travel agents and credit card fraud enquiries. We are actively working on rolling out revised policies and procedures to improve the collection, management, storage, security and compliance of these records. We are working on both external storage facilities for archiving, revised policies and procedures around personal data handling and management and a strict timeline for implementation and roll-out by the end of May 2020.
No amount of apologies will remove the inconvenience and concern this burglary has caused, however you can be assured that our teams are fully committed to ensuring we eliminate the risk of this ever happening again.
For further information and if you think you may have been impacted by the breach, please feel free to email firstname.lastname@example.org, call 1300 964 821 during business hours, and consult our website for further updates.
The police investigation is still ongoing.
Attention: Guests who stayed at Punthill Little Bourke between January 2015 and February 2020
Re: Data Breach Notification, Punthill Little Bourke
A burglary recently occurred at Punthill Little Bourke in Melbourne that has resulted in a data breach which may have potentially involved the theft of some of our past guests’ personal information.
First up, we would like to offer our sincere apologies for any inconvenience and concern this may cause. Additionally, we take this opportunity to provide details regarding what has occurred, and also what steps we have taken thus far.
Description of the data breach.
The storeroom in the basement of Punthill Little Bourke had been used to store and archive daily hotel paperwork. At around 4am on Wednesday, 22 April 2020, CCTV shows it was broken into by a hooded individual using a crowbar, and the break-in was subsequently discovered by the hotel manager later that morning. It appears that paperwork from archive boxes dated between January 2015 and February 2020 was stolen by the burglar during the break-in.
Victoria Police were immediately contacted and called to the scene. Since then Punthill Apartment Hotels and its management team have been actively working to facilitate and assist the police in their investigation and extending our full cooperation. Management has also immediately replaced and reinforced the storeroom lock, and has moved the hotel’s archives to a different location as an additional precautionary measure.
Police have taken fingerprints and DNA samples as part of their ongoing investigation. Punthill Apartment Hotels is also assessing how much paperwork has been stolen and contacting all past guests of the hotel who may have been impacted by the breach.
What kind of information is involved?
The archive boxes contained past guests’ printed registration cards which may contain some or all of the following information:
- First and last name
- Arrival and departure dates
- Phone number
- Company name
- ID number and expiry
- Receipt of bank card pre-authorization including card number and expiry date but not the CCV number
Because only part of our printed records has been stolen, it is difficult to assess with certainty which guests’ records have been taken, and how much information was included on each registration card. As a precaution and in accordance with the Office of the Australian Information Commissioner recommendations, we are contacting and advising all guests that have stayed at Punthill Little Bourke during the period between January 2015 and February 2020, so that they can take appropriate action.
We also strongly recommend that you:
- Monitor your bank accounts and credit card statements for any suspicious activity; and
- Contact your bank and advise them your card number and expiry date may have been stolen and follow their recommendations regarding whether you should get a replacement card or not.
If you are concerned about the potential theft of your personal information and would like further information, please feel free to email email@example.com or call 1300 964 821 during business hours.
Once again, we apologise for any inconvenience and concern caused and we will keep you updated (via our website) on the Police investigations as further information comes to hand.
Punthill Apartment Hotels