Wyndham Rewards (formerly TripRewards) - wyndham security breach?

got a letter yesterday from wyndham saying there had been a 'data security incident involving your personal information.' the letter did not state which hotel chain it was--and, frankly, i can't remember staying at a wyndham this year, although i did have a friend who stayed at a days inn...maybe that was it.

basically, after apologizing profusely but vaguely, the letter offers a free year of equifax credit watch using a promotional code, and 20% off room stays at a wyndham hotel if i book before march 31st...

just wondering if anyone else got this.

edited to add: i just called the toll-free number on the letter, and the girl i spoke with wasn't particularly helpful. for example, when i asked what hotel it was, or what chain within wyndham, she only said 'we don't have that information' over and over, and wasn't able to tell me who might have that information. she did say that the breach occurred in september (the letter said this as well) and they just concluded an investigation involving the credit card companies, which is how they got my name/address and why it took three months to tell people about this. :rolleyes:

I haven't received a letter, but haven't been at the address on the account since Thanksgiving. To try to figure out hotel brand or hotel, can you log into your Wyndham Rewards account and view your prior stays?

thanks, kipper--i figured it out...i was at the wyndham o'hare in may during a mileage run--got a vdb and united put me up for the night before sending me on to nrt the following day (in f :D).

no wonder i didn't remember--i didn't get a stay credit since it was a negotiated rate with united, and i don't have a credit card folio 'cause there were no charges to me. frankly, i'm trying to figure out which of my three ccs i used...as long as it wasn't my (main) amex, i'm tempted to get a new cc number.

still think it's weird i've seen nothing about this anywhere else...maybe it was a very small breach.

got a letter yesterday from wyndham saying there had been a 'data security incident involving your personal information.' the letter did not state which hotel chain it was--and, frankly, i can't remember staying at a wyndham this year, although i did have a friend who stayed at a days inn...maybe that was it.

basically, after apologizing profusely but vaguely, the letter offers a free year of equifax credit watch using a promotional code, and 20% off room stays at a wyndham hotel if i book before march 31st...

just wondering if anyone else got this.

edited to add: i just called the toll-free number on the letter, and the girl i spoke with wasn't particularly helpful. for example, when i asked what hotel it was, or what chain within wyndham, she only said 'we don't have that information' over and over, and wasn't able to tell me who might have that information. she did say that the breach occurred in september (the letter said this as well) and they just concluded an investigation involving the credit card companies, which is how they got my name/address and why it took three months to tell people about this. :rolleyes:

I received this as well. I don't remember staying at a Wyndham property, so I need to review which properties they own. I don't have an acct with them, as I use Intercontinental.
Thanks for calling them, looks like a follow-up call on my part will not be helpful.

I received this as well. I don't remember staying at a Wyndham property, so I need to review which properties they own. I don't have an acct with them, as I use Intercontinental.
Thanks for calling them, looks like a follow-up call on my part will not be helpful.

the woman i spoke with said that it's possible the property wasn't a wyndham when [you] stayed there, but has since been re-branded as a wyndham, and the credit card information went along with the re-branding...if that helps.

the woman i spoke with said that it's possible the property wasn't a wyndham when [you] stayed there, but has since been re-branded as a wyndham, and the credit card information went along with the re-branding...if that helps.

I do know of one HI Select that recently changed over to Wyndham. That's probably what happened. I'm thinking I need to have my CC #'s changed too.

It is a Wyndham resort at Puerto Rico, the stay was November of 2007!

I dont remember which credit card is used. It was a priceline stay, but of course had to submit CC at check-in for incidentals.

On December 2008 my wife received a letter as posted here in regards a WYNDHAM HOTEL AND RESORTS security breach. Immediately I done as other times and research snopes.com and others to see if it is an hoax or if it is the real deal. To me this seems a like promotional scam. Does anyone knows anymore information on this? It seems to me that either they need to improve their security or simply quit using scams to make people sign up for something that will just lead you to get something from them or even to make reservations in their hotel rooms. Is this a catch 22 scam? It seems to me that if my credit cards security was compromised by their stupidity then why would I want to give them any more business? Does this make sense to anyone or is it just me. Happened on 2004, 2005 and now on 2008 when the economy is tough. Scam or true? Kind of like to know for sure...:mad:

Believe this is a phishing scam, i.e., looking to steal identities. I have received several legitimate compromise letters and none of the letters have gone into such detail about the incident as this letter did.

Plus, my letter told me that I would be given one year of free Equifax Credit Watch 3 in 1 Alerts. The website the provided in the letter to obtain the free service, while looking like it is an Equifax website, is not...for I already have an Equifax account and no where can I locate such a website that branches off from the true Equifax website. Moreover, Equifax uses a secure (https) website to have you purchase a product from them.

If you doubt the legitimacy of the letter you received, then you should contact Wyndham directly using the phone numbers provided at www.wyndham.com. Or, go to the credit monitoring agencies websites and use the phone numbers provided by there to inquire as to the legitimacy of this letter.

I too received a letter addressing the Data Security Incident. I called the Wyndham reservations line and talked to a representative. She said the letter was a legitimate letter and told me to call the phone number provide in letter for further details. Then she offer me a three day free stay at a Wyndham resort, I declined.

Suggest anybody questioning the legitimacy of their letter call Wyndham using the phone numbers at their website to check it out. These days, you should never call the number on a letter until you have checked out the validity of the claim stated.

I tried to google it to find out more about this "security breach" letter. Nothing turns up.

This makes me very skepticle about the purpose of this letter.

I tried to google it to find out more about this "security breach" letter. Nothing turns up.

This makes me very skepticle about the purpose of this letter.

the thing about it not turning up on google made me suspicious also...seems in this day and age, someone (other than us) would be talking about it, no? :confused:

the thing about it not turning up on google made me suspicious also...seems in this day and age, someone (other than us) would be talking about it, no? :confused:

Exactly. It should have been already included in various data bases that track security breach.

Because it has not made it into any of the tracking sites, I would not register for the "free" ID monitoring service that is offered by the letter.

I got the letter, too. I did register for the service, since the domain ends with 'equifax.com'. I was already disappointed that the information was hacked (this is going to happen more and more due to shoddy data management), but imagine how crappy to learn that you have to pay just to see your credit report, and more to know your credit score. Their offer includes only alerts when something changes!

I know someone who went through a similar situation, and their company offered at least membership with the credit bureau which allows her to log in and view her report any time.

I, too, believe this could easily be a scam -- we know that the credit reporting companies will do anything to get new revenue, and lots of people who sign up for this "offer" will pay extra to view their reports, probably out of fear. Additionally, the letter offers, "for a limited time...a Preferred Customer Rate...You will receive a 20% discount on the room rate..." Even at 20% off, Wyndham makes a tidy profit, something they probably need badly in this environment.

I got the letter too and for the life of me I can't remember when I've stayed at a Wyndham in the last few years. I checked all of my winning priceline bids and also checked my Wyndham account and no stays. The only thing I can think is that maybe I had a reservation confirmed with a CC and then I canceled the reservation.

This seems fishy to me.

Can somebody post the telephone number listed in the letter?

The link in the letter, www.myservices.equfax.com/3in1alerts. goes to a site that looks like the homepage of equfax.com but it isn't identical.

Rather than use the address in the letter I attempted to enroll in the service using the promotional code from the letter, but through equfax.com. It didn't work.

Since there is no public report of this breach, it may be better to wait until there is an official confirmation of some sort, or until it is possible to enroll in the Equifax Credit Watch through Equifax's homepage. If it is phishing, it is very well done.

Can somebody post the telephone number listed in the letter?
1-888-355-2327 (between 7AM and 10PM Central Time, 7 days a week).

I too received a letter. I found the signator's name in the Wyndham website, and she seems to be a corporate counsel which somewhat legitimizes the letter:
Kirsten Hotchkiss
Senior Vice President
Enterprise Compliance and Employment Counsel
Wyndham Worldwide
I am still suspicious, though, and wouldn't sign up for the offer. Equifax is pretty relentless when it comes to getting money.

"Security Breaches" like this happen at companies all the time and almost always turn out to be far more minor than the letter suggests. Usually they end up being something like someone's laptop got stolen and it had a list of names and credit card numbers or something. (This would be minor because most laptop thieves aren't interested in your identity -- just in the laptop.)

I've never heard of a letter like this being a scam in any way. They're offering you free credit protection through a reputable company. Two of my former employers had similar security issues and both responded the same way -- by offering a year of free credit protection through various services.

Either throw the letter away and pull your annual free credit report (that the law entitles you to anyway) or sign up for the service... but there's no scam behind the offer.

I also got the letter & since I know of only 1 date and place that I have stayed at a Wyndham in the past 3 years, I believe I know what CC was compromised. Problem is that contrary to what the letter says, Wyndham has NOT notified my CC company. Frankly, I think the letter is basically an attempt to whitewash this incident and keep it as low key as possible. This needs to be publically reported and Wyndham needs to give affected consumers more details like specifically what CC info was compromised. That is their legal requirement but they are not being forthcoming. Those of us who have been affected, need to make this as public as possible and demand more information about what specific info was compromised.

I searched consumerreports.org and found some resources:
Seek other help. To share your views about identity theft with your state or federal legislators, visit Consumers Union’s public-policy Web site at www.consumersunion.org. For other information, check out the nonprofit Identity Theft Resource Center at www.idtheftcenter.org and the Privacy Rights Clearinghouse at www.privacyrights.org.

More info here: http://www.idtheftcenter.org/artman2/publish/lib_other/Resource_Links.shtml

I submitted a new incident report to datalossdb.org and I suggest all those affected do the same: http://datalossdb.org/submissions/new

Finally, I will be calling the Wyndham contact person listed on the letter and I suggested that affected persons do the same. Kirsten Hotchkiss is Wyndham's Corporate Counsel in Parsippany, NJ. You can contact her at 1-800-527-8778 or 973-753-6000; choose the option to search the directory by name.

Good luck

I received the letter today. Stayed at the Wyndham Hotel North at DFW 3 times in 2008, last time being August. The hotel was formerly a Holiday Inn Suites and was purchased earlier in the year by Wyndham.

I also noticed in the letter that the online delivery for www.myservices.equifax.com/3in1alerts had equifax spelled correctly.

But still suspicious its a scam.... Saw nothing on their website about the incident.

The site is legit. I used the link in the letter and signed up using Equifax credentials from a membership two years ago. They worked (the details of the old membership were in the "profile" section of the website).

One other tidbit from the phone support for Wyndham (using the number in the letter and waiting for 40 minutes on hold): The breach was in September; the credit card information was collected by Wyndham during stays from 2006 to July 2008. So, you may have been at a Wyndham (Intercontinental, etc.) a long time ago and have gotten caught up in this.

This is real. You can call the company and get confirmation that the event happened but no other helpful details.

Curiously, many people on this thread are assuming this is a scam apparently because there is no info on Wyndham's site and this is not in the news. Since there is no state or federal laws requiring that a company publically disclose info about security breaches like this, it is reasonable to assume that a company like Wyndham will NOT make a public announcement voluntarily. Data security breaches happen daily and are not publisized unless news organizations find out about them through sources other than the official company PR. That is why consumer advocacy groups are asking governments to require that this info be made public. Until then, the only way to make this public is by those affected by the breaches to report them to organizations like datalossdb.org.

to all the new posters, welcome to ft! ^

hopefully you'll find more information here than just on this particular issue, and even be able to help some fellow flyertalkers.

to the issue at hand, i dunno...i guess the reason i'm suspicious is that, as chasdemo mentions, my cc company hasn't been contacted, and the site mentioned in the letter wants my ss# as well as a bunch of other fairly personal information. yes, i get that it's really the equifax site, but for some reason it just doesn't quite pass the smell test...like, maybe it's a marketing ploy to get more business for equifax.

for now, i'm not signing up for my 'free membership.'

to all the new posters, welcome to ft! ^

hopefully you'll find more information here than just on this particular issue, and even be able to help some fellow flyertalkers.

to the issue at hand, i dunno...i guess the reason i'm suspicious is that, as chasdemo mentions, my cc company hasn't been contacted, and the site mentioned in the letter wants my ss# as well as a bunch of other fairly personal information. yes, i get that it's really the equifax site, but for some reason it just doesn't quite pass the smell test...like, maybe it's a marketing ploy to get more business for equifax.

for now, i'm not signing up for my 'free membership.'

Ditto here. The type of membership offered by Wymdham is a worthless one.

I used the "free membership" from Equifax before as an offer from purchasing Microsoft's software Money. The service is USELESS - for all it does, is to email you alert that a merchant has request a credit report or a change to your credit card balance (parameter set by you), and some minor things. Then half-way thru my subscription, the email service stopped, for no particular reason. I was still able to access Equifax site to look up my "account" for a couple months more so I did not bother to call due to the often very long hold time. Then an email came from Equifax, apologizing some of their customers have reported they dont receive email alerts and they are finally to address the problem ... That was like 3 or 4 months after no email alert was sent! No new email alert every resume. And I found out my "free membership" was CANCELLED 2 months before expiration, noted as "per customer request". I have never ever contacted Equifax on anything related to this "free membership". It is a totally worthless marketing ploy Equifax stuck it to the Microsoft software, in the hope you would sign up for the Real thing that carries subscription fee.

Looks like there is already an incident opened in datalossdb.com. Looks like the source is a letter that Kirsten Hotchkiss sent to the AJ of the State of NH (I assume that NH has a law requiring companies to notify the state if any of their residents were affected by a security breach. Here is the link to the incident:

http://datalossdb.org/incidents/1315-letter-from-wyndham-reporting-credit-card-number-expiration-date-possibly-names-were-compromised

Within this incident, you can download a .pdf of the letter that Ms Hotchkiss sent - it has a little more info, but not much more.

I suggest that others submit their own incidents or at least post a comment to this incident. Perhaps we can get an idea of how widespread it is.

Interesting thread. I’ve not received any notice from Wyndham.

Interesting thread. I’ve not received any notice from Wyndham.

I haven't received a notice either, and I've stayed at several Wyndham properties in the past few years.

I too have received this letter from Wyndham and think that this is not a scam... Back in '04 I received a similar letter about how a laptop was stolen/lost that contained information that I've used to registered for the MCAT. In that letter, I was also offered Equifax Credit Watch free for one year.

I also received the letter, couldn't remember staying in a Wyndham flagged property in maybe 5 years. So I placed the letter on my desk next to my computer awaiting some further news article on the incident. This week the wife got very concerned regarding the details of the letter and darn if she didn't remind me that we indeed did stay at a Wyndham last summer.

The remedy proposed in the letter did not seem appropriate with the "crime" and its wording make it seem more like some sort of subtle advertisement for the credit agency than a fool-proof remedy.

If anyone does hear more, please YELL LOUDLY.

SAS

Short Answer:
- The letter is valid
- Information in the letter (URL, phone #, etc) is valid

Long Answer:
I also received a letter stating that there had been “a data security incident involving your personal information”. In the letter was a promotion code for a year of credit monitoring from Equifax free for a year. I did not feel comfortable with the URL in the letter (www.myservices.equifax.com/3in1alererts) so I called Wyndham directly. The Wyndham representative confirmed that the letter was valid and gave me phone number to call for more details. The phone number the rep gave me was the same one contained in the letter.

I then went directly to Equifax as I still did not feel secure about the URL in the letter. After filling out the required information and verifying my identity, I tried to enter the promotion code given to me in the letter from Wyndham but it did not work.

I called the number, referred to me by both a Wyndham rep and the letter. I asked if she could identify which credit card was at risk, but she said only her supervisor could look up that information and that I should expect a call within one to two days. I also asked about the promotion code for Equifax which did not work, and she said that they would get back to me with a valid code.

I decided to check out the URL provided in the letter (www.myservices.equifax.com/3in1alererts). Once you click on the link to buy the “3 in 1” service it goes to the same URL (one of the parameters is different, however) that you would have gotten if you had started from Equifax.com. Since I had already created an account from Equifax, but did not enter payment information since the promotion code didn’t work, I gave the URL in the letter a try. The site recognized that the user ID I had just setup directly from Equifax.com was in use, so I conclude that the URL in letter is a legitimate Equifax URL.

So, now I’m just waiting to hear back from Wyndham with a valid code for Equifax and details on the credit card which may have been compromised.


----------------
Now playing: Jason Mraz - jmraz2006-08-07.m1290.d1t03 (http://www.foxytunes.com/artist/jason+mraz/track/jason+mraz+-+jmraz2006-08-07.m1290.d1t03)
via FoxyTunes (http://www.foxytunes.com/signatunes/)

My husband also received the Wyndham letter, but I have doubts about this. We stayed in Wyndham Puerto Rico.
If somebody have more information about the Wyndham security inciden, please tell me.

<snip>

So, now I’m just waiting to hear back from Wyndham with a valid code for Equifax and details on the credit card which may have been compromised.



welcome to ft (ditto to ivette). ^ let us know if they actually get back to you. i remain skeptical, and have not signed up with equifax through the link in the letter.

It's official... Wyndham Hotels had a huge security breach.

I'm not sure how many of you have the time and the patience to file for credit reports, monitor your statements, activate fraud alerts, contacting the FTC, and so on and so forth.

But there is a better way.

I'm probably prohibited from describing the service in detail here, but I've made my email accessible, or if there's a private messaging function here, that should probably work as well.

In short, we're talking about the only product on the market that offers full identity restoration.

Here is a YouTube video that discusses the service:
http://www.youtube.com/watch?v=JMtTMtj0pXM

So how many of these breaches is Wyndham supposed to be having? I got a letter today, August 28, 2009, and it says they had a breach for transactions that occurred between March 29 and May 10, 2009, when I was laid up with a broken leg. And though I may have stayed at a Wyndham sometime in my life (Ramada, Days Inn -- the cheapies) I can guarantee you that I have never used my first name with them, which is Carol, because I have NEVER owned a credit card using that name. I go by my second name, Gloria, and ALL of my records / cards etc. are in that name. Yet, the letter is addressed to Carol (Lastname)

Where they got my first name is a mystery. NOBODY calls me by that name, because they don't know it! Not even my grade-school teachers, as I was registered with my second name and no middle name. I can guarantee that among the stack of 20 mails -- junk and otherwise -- on my kitchen table, this letter from Wyndham is the only one using my first name. It had to have come from someone looking deeply. Carol is only a name on my SS card -- a legal signature. Not even on my BA; not on my lease; not on any CC in existence. Makes me wonder.

So, I'm just a wee bit skeptical. And suspicious when I see they're also asking for my SS#.

If this letter has worked for some others, more power to you. I just don't trust that it's completely on the up and up. Smells too phishy for me.