PORTLAND — Malware on a computer at the Brunswick Hotel & Tavern exposed names and credit card information of as many as 2,600 guests who stayed at the hotel between November 2014 and July 2015.
The company managing the 4 Noble St. hotel notified customers of the breach in a letter dated Aug. 21 and posted to the website of Vermont’s Office of the Attorney General.
Tim Feeley, a spokesman for the Maine attorney general’s office, said in an email that the company notified his office of the breach Aug. 24.
Dan Flaherty, chief financial officer for Portland-based The Olympia Cos., said Wednesday that investigators of the breach believed the malware was installed through a scam phishing email made to look like a message from a guest.
“It was mistakenly opened up, and the malware is then designed to avoid detection from antivirus software,” Flaherty said.
He said the company estimated a total of 2,600 guest accounts possibly had been affected, but investigators were not able to confirm how many of those were actually compromised.
Flaherty said the breach involved names and credit card information and not other personal identification information. He said the hotel has since upgraded its malware detection software.
“We’re committed to protecting the information and we regret any inconvenience that it’s causing,” Flaherty said.
The letter stated that hotel staff believes the malware was active on one of its front desk computers from Nov. 29, 2014, through July 21, 2015. Security consultants for the hotel identified the malware Aug. 12, 2015, according to the letter.
The letter provided customers individual codes for signing up for credit monitoring before a Nov. 30 deadline.
Other Olympia properties in Maine include the Hilton Garden Inn Downtown and Clarion Hotel in Portland, Hampton Inn in South Portland, and Inn by the Sea in Cape Elizabeth.
The Brunswick Hotel & Tavern, 4 Noble St., Brunswick