The Hotel Monteleone has been the target of at least two cyberattacks in recent years — security breaches that compromised credit and debit card numbers and exposed the French Quarter landmark to hundreds of thousands of dollars in liabilities.
The hotel’s management refused to discuss the attacks or say how many guests were affected.
The breaches came to light in a lawsuit the upscale hotel filed last week in U.S. District Court against an insurance carrier it claims wrongfully limited coverage in the wake of the second attack, which came to the hotel’s attention in October 2014.
“As a result of the security breach, payment card numbers allegedly were compromised and were no longer confidential,” the hotel’s attorneys wrote.
The Hotel Monteleone, which has been family-owned for more than a century, “has been held liable for multiple types of losses as a result of the 2014 cyberattack,” the attorneys wrote, including “fraudulent charges” and the cost of replacing credit and debit cards.
In the wake of the attack, court documents show, the hotel also received a “written demand” from at least one payment card processor, BMO Harris Bank N.A.
Citing the pending litigation, a spokeswoman said last week that the Monteleone is “unable to respond” to any questions about the cyberattacks.
It was not clear whether the hotel reported the incidents to law enforcement. The New Orleans Police Department said it had no record of the 2014 attack.
The Hotel Monteleone has been grappling with hackers since at least 2013. The hotel suffered a cyberattack that year that “stole payment card numbers,” according to the lawsuit. “That 2013 cyberattack resulted in liabilities assessed against Hotel Monteleone in the form of operational fraud and operational reimbursement” in excess of $200,000, the suit says.
The hotel did not have a so-called cyber-insurance policy at the time of the 2013 attack but later purchased one through Ascent Underwriting. The hotel wanted to make certain it would have coverage against “fraudulent charges and the costs of replacing payment cards as a result of a cyberattack,” according to the lawsuit.
The hotel believed that the policy, issued by Lloyd’s of London, would cover up to $3 million in losses in the event of a subsequent attack.
According to the lawsuit, however, Ascent disputed that interpretation and asserted the policy covered only $200,000 for fraud and reimbursement claims.
The underwriters last week asked a federal judge to dismiss the lawsuit, saying the dispute would be more appropriately resolved in arbitration.
Cyberattacks have become increasingly common in recent years, and many hotels, including some national chains, have been among the victims.
Follow Jim Mustian on Twitter, @JimMustian.