On October 27, 2023, Resort Data Processing, Inc. (“RDP”) filed a notice of data breach with the Attorney General of Maine after discovering that an SQL injection attack enabled an unauthorized user to access confidential information in the company’s possession. In this notice, RDP explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, mailing addresses, email addresses, and credit card information. Upon completing its investigation, RDP began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Resort Data Processing, Inc., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Resort Data Processing data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Resort Data Processing?

The Resort Data Processing breach was only recently announced, and more information is expected in the near future. However, RDP’s filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, on August 21, 2023, RDP learned of a SQL injection vulnerability. Evidently, the vulnerability allowed an unauthorized third party to redirect payment card information from in-process transactions on our RDP’s clients’ on-premises Internet Reservation Module (“IRM”) servers.

Upon learning of the vulnerability, RDP installed a security patch and then launched an investigation into the incident. On August 23, 2023, the vulnerability was contained. However, ultimately, RDP confirmed that an unauthorized party was able to access the confidential information of certain consumers who stayed at resorts that do business with RDP, including:

• Alta’s Rustler Lodge
• Bluefin Bay Resort
• Campland on the Bay
• Dover House Condominium Association Timeshare Resort and Vacation Rental
• Silver Cloud Hotel - Tacoma Waterfront
• Silver Cloud Hotel Seattle - Lake Union
• Silver Cloud Hotel Seattle - University District
• Silver Cloud Hotel Tacoma at Point Ruston Waterfront
• Sunrise Beach Villas
• The Flanders Hotel
• The Mountain Club on Loon Resort & Spa
• Villas By The Sea Resort & Conference Center

After learning that sensitive consumer data was accessible to an unauthorized party, Resort Data Processing reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, mailing address, email address, and credit card information.

On October 27, 2023, Resort Data Processing sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Resort Data Processing, Inc.

Founded in 1981, Resort Data Processing, Inc. is a property management software company based in Vail, Colorado. Resort Data Processing employs more than 26 people and generates approximately $6 million in annual revenue.