« Disaster Recovery

Hershey Park reports data breach

Customers of Hershey Park may have had their credit card information stolen as a result of a data breach that occurred this year.
Customers of Hershey Park may have had their credit card information stolen as a result of a data breach that occurred this year.

The popular Pennsylvanian amusement park, Hershey Park, recently announced that they have suffered a data breach, as the company confirmed the attack and is offering more information to those customers who may have been affected.

Officials with Hershey Entertainment and Resorts (HE&R) Company explained that an internal investigation has exposed evidence of a breach between February 14 and June 2 of this year. All aspects of their business, including Hotel Hershey, Hershey Park and Hershey Park Stadium, were compromised, though the company reported that purchases made after May 9 were less likely of being affected than those prior to that date.

The system compromise was initially reported late last month, with HE&R coming out last week to confirm after a month of investigation. According to Financial Buzz, the breach was discovered when a routine virus scan from the company's internal anti-virus software identified and eliminated a suspicious file in their payment system. Despite receiving fraud complaints from customers shortly thereafter, Hershey Entertainment claims that there is no evidence that the file removed any information from their systems, according to NBC Philadelphia.

"HE&R had security measures in place that were designed to prevent an unauthorized person from retrieving the file that contained the copied payment card data, however, HE&R has not been able to conclusively determine that these measures were not bypassed," the company said in a statement. They continued, saying that even though their existing security should have prevented the incident, they will work to further improve cybersecurity with the help of an outside firm.

HE&R urged customers to monitor their credit card activity and report any suspicious charges immediately. They are also providing customers whose information was compromised in the breach with a free, one-year membership with a credit card security firm.

Companies that have yet to develop their own disaster recovery strategy can partner with a business continuity consultant with extensive experience in these issues.