10,000 guests at Houston luxury retreat exposed to ID theft

The Secret Service alerted the Houstonian Hotel, Club & Spa on June 10 about an assault on the resort’s payment processing systems that, it is now known, began December of last year.

Hotel officials notified guests on July 8 about the "malicious software attack,” information technology director Jason Love said.

A news release issued that day stated: "As of June 20, we had fully replaced and overhauled the breached systems, further restricted access to all our servers and hired a data forensics firm to help us enhance our digital security."

The Houstonian on July 8 filed a criminal report with the police -- nearly four weeks after the hotel was informed of the breach.

“Love said the delay was related to the work of the forensic investigators and their report - which was expected to be completed late Tuesday,” the Chronicle reports.

It's difficult to know how many customers were hit, Love said, because people use multiple payment forms - credit cards, cash, checks and member charges - for amenities. Membership accounts were not affected.

The notification might have come too late for John West, whose VISA card was misused on July 7.

"I wish they had sent it out a month earlier when they were notified. Maybe my credit card would not have been used fraudulently," he told the Chronicle. In March, the think-tank vice president and college professor, who lives in the Seattle area, spent a few days at The Houstonian with his wife and kids.

In fairness, West said, he can't be certain that the attempted July 7 Wal-Mart purchase in Colorado was connected to the hotel hack.

When West tried to use the card on July 7 in his home state, his transaction wouldn't go through. That is when he called his credit card company and learned of the suspicious charge.