On April 6, 2021, the Maine Office of the Attorney General disclosed a data breach at Hotel Vermont, stemming from a phishing attack executed on January 21, 2021. The incident exposed payment card information of 140 individuals, including 7 Maine residents. The compromised data raised concerns over potential financial fraud, though no identity theft protection services were provided to affected parties. The breach highlighted vulnerabilities in the hotel’s cybersecurity defenses, particularly against social engineering tactics like phishing, which exploited human error to gain unauthorized access. While the scope was limited to payment card details—without broader personal or financial data leaks—the lack of post-breach support underscored gaps in incident response. The attack did not result in systemic operational disruptions or broader reputational damage beyond the immediate financial risk to impacted customers. However, it served as a cautionary case for hospitality businesses handling sensitive guest payment data, emphasizing the need for robust employee training and proactive threat detection measures.
TPRM report: https://www.rankiteo.com/company/hotel-vermont
"id": "hot1023090225",
"linkid": "hotel-vermont",
"type": "Breach",
"date": "1/2021",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 140,
'industry': 'Hotel',
'location': 'Vermont, USA',
'name': 'Hotel Vermont',
'type': 'Hospitality'}],
'attack_vector': 'Phishing',
'data_breach': {'number_of_records_exposed': 140,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment Card Information']},
'date_detected': '2021-01-21',
'date_publicly_disclosed': '2021-04-06',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving Hotel Vermont on April 6, 2021. The breach, '
'resulting from a phishing attack on January 21, 2021, '
'potentially affected 140 individuals, including 7 residents, '
'with payment card information being compromised. No identity '
'theft protection services were offered following the '
'incident.',
'impact': {'data_compromised': ['Payment Card Information'],
'identity_theft_risk': 'Low (No identity theft protection services '
'offered)',
'payment_information_risk': 'High (Payment card information '
'compromised)'},
'initial_access_broker': {'entry_point': 'Phishing Email'},
'references': [{'date_accessed': '2021-04-06',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'title': 'Data Breach at Hotel Vermont Due to Phishing Attack',
'type': 'Data Breach'}