Our Mountain Lodging & Dining Learning Rates & Rentals Groups & Weddings Press Room Jackson Gore Real Estate Online Store

Okemo Mountain Resort

Last Updated: Spring 2008

Credit Card Security Breach

Okemo Mountain Resort has been a recent target of criminal efforts to gain access to credit card data by infiltration of the computer network at Okemo Mountain ski area in Ludlow, Vermont.  An expert in data security and forensics hired by Okemo to assist in the investigation and response to the incident has informed Okemo that its computer system was improperly accessed by an outside party for a 16-day period between February 7, 2008 and February 22, 2008.  Affected consumers potentially include those who used their credit cards at Okemo during the 16-day period in February 2008 as well as cardholders who had credit transactions at Okemo two years ago during a three month period between January 2006 and March 2006. 

Upon discovery of this intrusion, Okemo promptly initiated security measures to block the infiltration and protect credit card data from any further unauthorized accessed.  Concurrently, Okemo contacted the FBI and Secret Service.  Okemo’s security breach, on a smaller scale, appears to have some similarities to the Hannaford breach as it involved infiltration of “real time” data.  The attack was designed to capture magnetic strip data from credit cards as the cards were swiped through serial devices at point of sale terminals.

The forensic expert determined that there was no evidence of any security breach to the computer systems at Mount Sunapee ski area in Sunapee, New Hampshire, or Crested Butte ski area in Crested Butte, Colorado. 

• Type of Credit Card Data Potentially Accessed

Okemo’s forensic expert determined that Track 1 and Track 2 credit card data was potentially accessed by the intruder.  Track data is the credit card industry’s standard information present on every credit card magnetic strip.  Track 1 data typically contains the cardholder’s full name, primary account number (PAN), expiration date, card verification value (CVV) and encrypted PIN.  Track 2 data typically contains the same data as Track 1 without the cardholder’s full name.

The forensic investigation produced no evidence that any other type of personal information was improperly accessed.  Okemo does not collect Social Security Numbers or other personal information at its point of sale terminals.

Visa, MasterCard and American Express are the only credit cards accepted at Okemo.  Okemo’s forensic expert determined that a total of 28,168 credit card transactions were potentially exposed by the attack during the 16-day period.  Of those transactions, 20,688 have been identified as Visa/MasterCard transactions and 7,480 as American Express transactions.  The number of cardholders involved in those transactions is likely to be smaller because multiple transactions were likely to have been processed on a single credit card.

A second set of credit card data potentially exposed by the attack was credit card transaction data during a three month period from January through March 2006 involving 24,463 individual credit cards.  Many of those credit cards are believed to have expired.

• Public Notification

Once Okemo’s forensic expert was able to determine the type of data potentially accessed by the infiltration, Okemo commenced the public notification process.  On March 31, 2008, a Media Notification was disseminated to more than 150 major print, television and radio media outlets in New England and the eastern United States.  Notice was also posted on Okemo’s Internet homepage as a credit card security alert.  See:  www.Okemo.com.  Okemo set up a Toll Free Call-In number to provide additional information and assistance to potentially affected cardholders.  The Toll Free Number is 1-866-756-5366.  Additionally, Okemo provided notice to the three major credit reporting agencies—Equifax, Experian and TransUnion.  Okemo has forwarded notification to a number of state attorneys general and consumer protection divisions.

• Protection of Cardholders

Okemo has provided notice to Visa, MasterCard and American Express and continues to work with the credit card companies and their forensic representatives.  The credit card companies notify the institutions which issued the credit cards so that those institutions may in turn notify individual cardholders or issue new cards.

Okemo recommends that all cardholders carefully review their credit card statements and credit card reports and remain alert for any unauthorized or suspicious activity.  Okemo recommends that cardholders consider obtaining free credit reports that are available through the three major credit reporting agencies, the contact information for which is listed below.  Cardholders who suspect that their accounts may have been improperly accessed should immediately notify their credit card issuer.

Okemo deeply regrets and apologizes for any inconvenience or concerns this criminal attack may have caused Okemo’s valued guests and visitors.

For further information or assistance, cardholders are encouraged to call the Okemo Toll Free Number 1-866-756-5366.  Okemo can also be contacted at Okemo Mountain Resort, 77 Okemo Ridge Road, Ludlow, VT  05149.

Listed below is the contact information for the major credit reporting agencies and the Federal Trade Commission.  Individuals may obtain information from these sources about steps they can take to obtain free credit reports and place a fraud alert or security freeze on their credit report and file. 


Contact Information for Credit Reporting Agencies and the Federal Trade Commission:

 Equifax
 Equifax Security Freeze
 P.O. Box 105788
 Atlanta, GA  30348

1-800-685-1111
PO Box 740241
Atlanta, GA 30374-0241
www.equifax.com

Experian
Experian Security Freeze
P.O. Box 9554
Allen, TX  75013

1-888-397-3742
PO Box 2104
Allen, TX 75013
www.experian.com

TransUnion
1-800-680-7289
Fraud Victim Assistance Department
P.O. Box 6790
Fullerton, CA  92834
www.transunion.com

The Federal Trade Commission
1-877-438-4338
600 Pennsylvania Avenue, NW
Washington, DC 20580
www.ftc.gov

Special Notice to Massachusetts Residents

Under Massachusetts law, Massachusetts residents who have been affected have the right to file a police report with respect to this incident.  Massachusetts residents also have the right to request a security freeze.  To place a security freeze, a consumer needs to send a written request to each of the three credit bureaus.  The contact information for each of these agencies is listed above.  A security freeze request must include the consumer’s name, address, date of birth, social security number, and credit card number and expiration date for payment, if applicable.  Each credit bureau has specific requirements for placing a security freeze, so consumers should contact each bureau for more information.  Please note that if you have been a victim of identify theft and you provide a police report to the credit reporting agency, the agency cannot charge you for placing, lifting or removing a security freeze.  If you do not have such a police report, the credit reporting union may charge up to $5 per transaction for placing, lifting or removing the security freeze.
You need to upgrade your Flash Player This is replaced by the Flash content. Place your alternate content here and users without the Flash plugin or with Javascript turned off will see this. Content here allows you to leave out noscript tags.
Contact         Employment         Summer         Search         Sitemap

Snow Report Plan Your Trip Video of the week Blog

Okemo Mountain Resort, 77 Okemo Ridge Road, Ludlow, VT 05149
Reservations: 1-800-78-OKEMO · Email: info@okemo.com
Infoline: (802) 228-4041 · Snow Report: (802) 228-5222
© 2008 Okemo Mountain Resort. All Rights Reserved. Terms of Service.