Posted On April 26, 2022 Consumer Privacy & Data Breaches

Data Breach Alert: Inntopia

April 26, 2022 – Recently, Sterling Valley Systems d/b/a Inntopia announced a data breach following an incident in which a malicious actor was able to access certain individuals’ names and credit or debit card numbers. On April 21, 2022, Inntopia sent out data breach notifications to those whose information was compromised in the recent breach.

The data breach lawyers at Console & Associates, P.C. are actively investigating the Inntopia data breach. Our law firm is investigating the Inntopia data breach and is currently seeking to interview as many victims of the breach as possible to determine how they were impacted and what legal options may be available to them. If you would be willing to participate in the investigation and would like to have a free consultation and case evaluation, please contact us as soon as possible.

In 2021, there were 1,862 data breaches affecting more than 189,000,000 individuals. Victims of identity theft spend, on average, 200 hours and more than $1,300 recovering their identity. Many of these victims also suffer credit damage, emotional distress, and may even end up with a criminal record. Taking immediate action is the best way to prevent the worst consequences of a data breach.

What We Know So Far About the Inntopia Breach

According to a letter issued by the company, on around February 18, 2022, Inntopia detected suspicious activity on its IT network. In response, the company began an investigation into the incident, hoping to learn more about its cause as well as whether any sensitive consumer information was leaked as a result. The company’s investigation revealed that between October 9, 2021 and February 18, 2022, an “unknown actor” was able to access names and payment card information located on its computer network.

On April 22, 2022, Inntopia began sending out data breach notification letters to all individuals whose information was compromised as a result of the recent data security incident.

Inntopia is the consumer-facing name of Sterling Valley Systems, Inc., which is a software company focused on the hospitality industry. Inntopia creates and markets software for ski resorts, golf resorts, hotels, and others in the hospitality business. Among other things, Inntopia software allows resorts to track customer metrics, which the resort can then use to provide a more customized product to their guests. Inntopia employs 39 people and generates $7 million in annual revenue.

Can Consumers Whose Data Was Leaked Pursue Legal Action Against a Company?

When you allowed Inntopia access to your personal data, you trusted the company to keep your sensitive information safe. However, news of the Inntopia data breach raises some very serious questions about the company’s data security measures and whether the company could have done more to prevent this type of cyber-attack.

Regardless of the industry, all businesses have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.

Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against a company that misused or mishandled their information. However, the investigation into the Inntopia breach is only in its beginning phases. For that reason, it is too early to tell if Inntopia was legally responsible for the breach. However, our data breach attorneys are investigating the Inntopia security breach to determine the potential legal remedies of those affected.

If you have questions about your ability to pursue a data breach class action lawsuit against Inntopia, contact a data breach attorney as soon as possible.

What to Do If You Received a Data Breach Notification from Inntopia

If you receive a data breach notification from Inntopia in the coming weeks, it means your personal data was compromised in the recent cyberattack. It also means a cybercriminal may have had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:

1. Figure Out What Information Was Stolen: Carefully review the data breach letter sent by Inntopia, keeping in mind the information you provided to the company as well as the type of data that was compromised in the breach. You should also take a copy of the data breach letter and keep it for your records. Of course, data breach letters are not always easy to understand. A consumer privacy lawyer can help victims of a data breach understand what was compromised and how to protect themselves.
2. Prevent the Hacker from Accessing Your Accounts: Once you determine the scope of the breach and how it affected you, you should take all steps to prevent cybercriminals from accessing your credit or financial accounts. For example, you should change all passwords and security questions for your online accounts. You should also consider setting up multi-factor authentication where it is available.
3. Protect Your Credit and Your Financial Accounts: In the wake of a data breach, companies usually provide free credit monitoring services for a specified period of time. This is not a gimmick, and you do not give up any rights by taking a company up on their offer. Additionally, you should contact one of the three main credit bureaus to request a copy of your credit report. Even if you do not notice any signs of fraud or unauthorized activity, it is a good idea to request a fraud alert. Fraud alerts are free and serve as a red flag to potential lenders and creditors that your information was compromised.
4. Consider a Credit Freeze: A credit freeze prevents access to your credit report unless you specifically authorize it. Credit freezes are free and last until you remove them. While placing a credit freeze on your accounts may initially seem like a drastic measure, according to the Identity Theft Resource Center (“ITRC”), doing so is the “single most effective way to prevent a new credit/financial account from being opened.” However, ITRC reports that just 3% of consumers whose information is leaked place a freeze on their accounts. Once a credit freeze is in place, you can temporarily lift the freeze if you need to apply for any type of credit.
5. Regularly Monitor Your Credit Report and Financial Accounts: Protecting yourself in the wake of a data breach is not a one-time task. You should continually monitor your credit report and all financial accounts, keeping an eye out for any signs of unauthorized activity or fraud. You may also consider calling your banks and credit card companies to report the fact that your information was compromised in a data breach.

If You Have Questions About Your Rights Following the Inntopia Data Breach, Console & Associates, P.C. Can Help

At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Inntopia data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.

What Was Sent to Those Affected By the Inntopia Breach?

Below is a copy of the initial data breach letter issued by Sterling Valley Systems dba Inntopia:

Dear [Consumer],

Sterling Valley Systems, Inc. d/b/a Inntopia (“Inntopia”) is writing to inform you of a recent event that may impact the privacy of some of your information. Inntopia is the e-commerce platform that operates the reservation system for [Extra1]. We are providing you this letter as a precaution to inform you of this event, our response, and steps you can take to protect your information, should you feel it necessary to do so.

What Happened?

On or about February 18, 2022, Inntopia discovered suspicious activity on its platform. Inntopia launched an investigation with the assistance of third-party cybersecurity specialists to determine the nature and scope of the activity. While the investigation is ongoing, we recently determined that between October 9, 2021 and February 18, 2022, an unknown actor gained access to payment card information within the platform. Inntopia immediately began a review of its files to identify impacted individuals and determined that some of your information was impacted.

What Information Was Involved?

The payment card information you used to make reservations for the booking services Inntopia provides may have been accessed or acquired by the unauthorized actor. This includes your credit or debit card number, [Extra2]. Please note, your Social Security Number was not impacted by this incident.

What We Are Doing.

Inntopia takes this event and the security of your information seriously. Upon learning of this event, we moved quickly to investigate and respond to this event with the assistance of third-party cybersecurity specialists. The investigation and response included confirming the security of our systems, notifying payment card brands and law enforcement, further strengthening our technical controls, and implementing additional security measures. In addition to these efforts, Inntopia is notifying potentially impacted individuals, like you, so that you may take steps to best protect your information, should you feel it necessary to do so.

As an added precaution, we are also offering ## months of complimentary access to credit monitoring services, which include credit monitoring, access to a dedicated call center, fraud consultation, and identity theft restoration through Experian. Individuals who wish to receive these services must activate by following the instructions found in the enclosed Steps You Can Take to Help Protect Personal Information.

What You Can Do.

We encourage you to remain vigilant against identity theft and fraud by reviewing your card and account statements and monitoring your free credit reports for suspicious activity and to detect errors. Please also review the information contained in the enclosed “Steps You Can Take to Protect Personal Information.” There you will also find more information on the credit monitoring services we are offering and how to activate.

For More Information.

We understand that you may have questions about this event that are not addressed in this letter. If you have additional questions, please call our dedicated assistance line at (833) 475-1809, Monday – Friday from 6:00 a.m. to 8:00 p.m. or Saturday and Sunday from 8:00 a.m. to 5:00 p.m. (exclusive of major US holidays).

We sincerely apologize for any inconvenience this may cause.