Data Security Incident and Our Response

What happened to La Fonda’s IT system?

On August 18, 2022, we became aware that an unknown third party had gained unauthorized entry to La Fonda’s computer systems and disrupted access to certain servers and workstations.  We immediately initiated our security response plan and engaged outside IT security and forensics experts to assist us in remediation and a thorough investigation.  We are proud that our internal team came together quickly and effectively. With the aid of our IT recovery plan, we restored our primary computer systems and data using available backups and resumed normal operations within two days.  We are still unable to determine precisely what data was subject to unauthorized access by the intruder, but it appears that some data was removed from our systems.  To date, we have received no indication that customer data was included, or that any sensitive information has been misused as a result of this incident.  However, this is a recent event, and the situation is subject to change.  We sincerely regret that this occurred, and want to assure all of our guests, partners and staff that we are treating this matter with the highest priority and will take all appropriate steps in response.

How did La Fonda respond?

We have reported the incident to federal law enforcement and are notifying state regulators as well as major credit reporting agencies.  In addition to immediate actions to isolate affected equipment and restore our systems from backups, we have taken a number of steps to further safeguard La Fonda’s systems and data, including conducting a global password reset, enabling geo-blocking, rebuilding affected workstations and servers, and installing advanced threat monitoring using Carbon Black, which is monitored 24/7 by an outside security operations center.  Our investigation is still ongoing to determine what data may have been accessed or impacted by this incident, with the assistance of our independent IT security and forensics experts.  In addition, we have retained data security legal specialists to assist in our thorough investigation and response.

What types of data were potentially impacted?

Our investigation has determined that the intruder removed certain company data from our systems, but we do not have any indication at this time that any customer data was involved.  Investigators also have not been able to isolate details about specific records that were accessed or the exact data they may have contained.  Therefore, out of an abundance of caution we are providing public notice of the incident so you can have the information you need to take steps to help protect your identity and personal information.

Who was affected?  How do I know if it impacts me?

Our investigation to date indicates company data, not customer data, was impacted by the incident, but we are providing broad notice out of an abundance of caution so that everyone is aware of the incident and can take steps to protect their sensitive information.  Given the complex nature of the intrusion, we have been unable to obtain specifics about which files were accessed or removed and we are unlikely to obtain further details about the individuals impacted. 

Who was behind the unauthorized access and why did they do it? 

We do not know the identity of those behind the incident, but we are sharing information with federal law enforcement. The intruder used malicious software to disrupt and encrypt our systems, in a failed attempt to extort money from us in exchange for returning access to our systems.  Fortunately, we were able to restore our systems and data on our own, by using available backups in accordance with our data security program.

Were the Terrace Inn, Spa, or La Fonda Restaurants impacted by this?

We are still in the investigation process, but we understand that La Fonda’s tenant shops and the French Pastry restaurant were not impacted. 

Are your systems safe and secure now?

All our systems are currently operating safely and securely, in accordance with our enhanced security plans and protocols.

Do I need to take any steps to protect myself?

We want to make sure you have the information you need so that you can take steps to help protect your identity and personal information.  We encourage you to remain vigilant, to regularly review and monitor relevant account statements and credit reports, and to report any suspected identity theft activity to local law enforcement, the New Mexico Attorney General’s office, and/or the Federal Trade Commission (FTC).

What if I discover or believe that my personal information has been misused as a result of this incident?

If you believe any of your sensitive information may have been impacted, or have any concerns or questions about the incident, you can email for more information, assistance, and support. 

Will you be providing more information or updates on the situation?

Given the complex nature of this incident and the difficulty in tracking the unauthorized activity, we are not optimistic that additional details will become available as our investigation concludes.  However, should significant new information warrant updates, we will post them on our website.