Archives

Published on:

19 July 2017

Hotels rely on third-party vendors to help run their properties efficiently, and often must give them access to sensitive guest data. This leaves hotels vulnerable to cyber attacks; they’re only as secure as their vendors are, and may find themselves directly liable for a data breach.  My partner Bob Braun, senior member of JMBM’s Global Hospitality Group® and co-chair of JMBM’s Cybersecurity and Privacy Group, discusses recent hotel cybersecurity breaches and how hotel owners can protect themselves.

Hotel data breaches
It’s not you, it’s your “friends”
by
Robert E. Braun

July was another notable month for hotel data breaches – on a single day, several well-known hotel brands and managers, including Four Seasons, Trump Hotels, Hard Rock Hotels & Casinos and Loews Hotels all announced that customer data may have been compromised as a result of a security failure. Each of the incidents is related to Sabre Hospitality Solutions’ credit card data breach in its SynXis hotel-reservations system, which Sabre first announced in a quarterly filing with the Securities and Exchange Commission on May 17. Based on Sabre’s investigation, Sabre announced that the breach was contained to “a limited subset of hotel reservations,” but the incident did allow an unauthorized party to access cardholder names, payment card numbers, card expiration dates, card security codes for some, and, in some cases, guest name, email, phone number and address.

Moreover, the duration of the breach was quite long. Sabre’s investigation determined that the unauthorized party first obtained access to payment card and other reservation information on August 10, 2016, and the last access to payment card information was on March 9, 2017. The hackers had potential access for seven months.


Published on:

1 February 2017

Theft of confidential data by hackers is a major threat to businesses worldwide and the hotel industry is no exception. Hoteliers remain vulnerable to hackers seeking confidential information such as guests’ credit card data and employees’ personal information. They are also vulnerable in other ways. In a recent hotel breach, the hackers did not go after confidential data, but rather sought a ransom payment after taking control of the hotel’s technology. My partner Bob Braun, senior member of JMBM’s Global Hospitality Group® and co-chair of JMBM’s Cybersecurity and Privacy Group, describes what happened, and shares what hotels can do in response to such threats.

Hotels and Ransomware — Something Special
by
Robert E. Braun

Last year, at the Global Hospitality Group’s Meet the Money™ Conference, I participated in a panel on Cybersecurity and we discussed how cybersecurity issues affect the hotel industry.  One of the comments was that hotels, more than most private industries, have to take into account the kind of physical harm that might be done by a hacker. We noted that not only are guest information systems targets, but also the life and safety systems – HVAC, elevators, electricity and so on.  We concluded that while financial theft could impact a hotel and its reputation, a hack of the physical structure of a business could put the hotel out of business.

Locked Out

Our discussion turned out to be prescient when, this week, Romantik Seehotel Jaegerwirt, in the Austrian Alps, had their systems frozen by hackers, which resulted in the complete shutdown of hotel computers.

The 111-year-old hotel had already been targeted by hackers twice.  This time, however, the hackers breached the key card system, made it impossible for guests to enter their rooms and prevented the front desk from reprogramming cards.

The hackers demanded €1500 in Bitcoin, promising that control of the key card system and room locks would be returned.  Management of the hotel, fully occupied at the beginning of the winter season, chose to pay the ransom, rather than attempt a solution that could have taken significant time and harmed their 180 guests.

Published on:

6 January 2017

ADA Hospitality Defense and Compliance Lawyer: Hotel mixed-use projects have proliferated over the past decade or two — projects that combine a hotel with retail, residential, entertainment, office and other uses. In recent years, many of these projects combine hotel and shopping center elements. We are big fans of hotel mixed-use.

Over the years, we have written about the numerous advantages that accrue to both hotels and shopping centers, when hotels are added to the right shopping or retail center.  One study showed that the right hotel can boost gross sales at shopping centers 20% – 40% — and hotels can get 30% – 40% RevPAR advantage over hotels in their competitive set.

But those of you with hotels in mixed-use projects with shopping centers or other retail elements know that mixed-use projects inject numerous additional legal and business issues that hoteliers usually don’t deal with in stand-alone hotel projects. One such critical issue is that of “common areas.”

In the article below, my partner, Marty Orlick, writes about one aspect of common area liability that you may have overlooked in defense to ADA violations. Of course, the ultimate analysis will depend on the precise facts of the situation at hand and the structure of the hotel’s participation in the mixed-use project — particularly whether or not the hotel is owned in fee or is a tenant in the project.

How many judges does it take to rule that shopping center tenants
are not liable for ADA violations in common areas?
by
Marty Orlick

First published in the October 2015 issue of the California State Bar’s Real Property Law Section E-Bulletin

Congress passed the Americans with Disabilities Act of 1990 (“ADA”) “to provide clear, strong, consistent, enforceable standards addressing discrimination against individuals with disabilities” in employment, public accommodations, transportation and federal, state and local government services. 42 U.S.C. § 12101(b)(2). Title III of the ADA applies to public accommodations including shopping centers, theaters, arenas, restaurants, health clubs, hotels, banks, public space in office buildings, and nearly every manner of retail premises. Virtually every leased location which serves the general public and is engaged in commerce is subject to the accessibility requirements of the ADA.

Published on:

7 November 2016

Hotel Lawyer on multi-branded hotels.

Hotels with more than one brand are increasingly common, but it wasn’t always so. Although some compelling advantages are driving this trend in many situations, developers and owners should weigh the advantages against other considerations.

My partner Bob Braun is a senior member of our Global Hospitality Group® and has experience with many hundreds of hotel management and franchise agreements. Bob is also co-author of the Hotel Management Agreement & Franchise Agreement Handbook (3rd edition), and has first-hand experience with branding and management for every major traditional hotel brand, including a number of multi-branded properties. Today he explores the phenomenon in greater detail.

Dual-branded & multi-branded hotels:
Opportunities and challenges
by
Bob Braun, Hotel Lawyer

The trend of dual-branded and multi-branded hotels

Over the past few years, the popularity of multi-branded properties has exploded. Less than a decade ago, a dual-branded hotel was an oddity. Then dual branding became more common, and some properties began to use more than two brands, so “multi-branding” was born in the hotel industry. In the early days, multi-branding resulted from unique circumstances. Today, it is driven by a number of factors discussed below, and there are nearly 100 properties with multiple brands and nearly that many again in construction.

Published on:

21 September 2016

Have you noticed the explosion of new brands from hotel companies over the past few years? At JMBM, we do a lot of work with branding through license agreements, management agreements and other arrangements. So we asked my partner Bob Braun to give us some insights on what this is all about and what significance it has.

Here are Bob’s thoughts, along with some practical advice on what owners and developers should do in this situation.

Hotels – Brand Expansion or Brand Explosion?
by
Bob Braun, Hotel Lawyer

Consumer-oriented companies commonly use “brand extension” to launch a new product by using an existing brand name on a new or related product, often in a different category. These companies use brand extension to leverage their existing customer base and brand loyalty to increase profits with a new product offering.

Published on:

 

Alice Gao, Senior VP of ICBC USA, speaks with Bob Braun, senior member of JMBM’s Global Hospitality Group® at JMBM’s 2016 Meet the Money® – the national hotel finance and investment conference. Alice explains the structure of ICBC USA, discusses interest rates, and Chinese immigrant investment in U.S. gateway cities.

A transcript follows the video. See other videos in this series on the Jeffer Mangels YouTube channel.

Bob Braun: I’m here with Alice Gao, who’s a Senior Vice President of ICBC USA. Alice, thank you very much for coming and spending a little time with us today.

Alice Gao: Thank you very much.

Bob Braun: Alice, I’d like to ask a few questions which I think you’re very suited to in your position with ICBC. One question I’d like to ask is, what kind of projects are the bank most interested in lending to these days? Are there things that attract you more than others, or are more interested in than others these days?

Alice Gao: Well, let me just start with a brief introduction of our bank. I’m very excited that as of December 2015, the bank continues to be ranked as the number one largest bank in the world by total assets of $3.6 trillion, and also as number one on tier one capital, about $215 billion. We are also ranked number one by net profit of $44 million. So, with that, in the U.S., we have four financial institutions. So, the four together provide a full array of products and services. The first financial institution is ICBC Financial Services: it’s a broker dealer of security services. And we also have ICBC Standard Bank, which is a financial market and commodity bank based in New York. We also have ICBC New York Branch, which is a wholesale bank of ICBC Group. And lastly we have ICBC USA, a Federal Charter full licensed bank, FDIC insured.

So, ICBC USA has thirteen branches and one service center. We have three branches in New York, ten branches in California, one service center in Seattle. Together with these four financial institutions, physical locations and e-banking platform, we offer not only traditional deposits and loan services, we also offer a variety of products such as cash management, trade finance, treasury and also foreign exchange. Our strongest point to distinguish us from others is we do offer variety of services of onshore and offshore renminbi products.

Bob Braun: So most of the lending that you would do on hotels is through ICBC?

Alice Gao: Most of the lending for hotels is through ICBC New York Branch and ICBC USA.

Bob Braun: And in terms of the type of lending you’re doing, does ICBC have any current priorities or any current trends that it sees?

Published on:

 

Alan Reay, President of Atlas Hospitality Group, speaks with Robert Braun, senior member of JMBM’s Global Hospitality Group® at JMBM’s 2016 Meet the Money® – the national hotel finance and investment conference. They discuss the California hotel market including sales and purchases, pricing, RevPAR, financing, and the impact of the Marriott/Starwood merger and Airbnb.

A transcript follows the video. See other videos in this series on the Jeffer Mangels YouTube channel.

Bob Braun: I’m with Alan Reay of Atlas Hospitality. He’s the foremost hotel broker in California, I’d say. At least that’s what I tell my clients, and I’ve always been proved right. Alan, thanks very much for coming and talking to us today. I think you have your pulse on the market, certainly here in California, more than possibly anyone else. What do you see in the hotel market today? What kind of trends do you see?

Alan Reay: During the first quarter we’ve definitely seen a big drop off in sales in California. In the U.S., down 52%; in California, down 35%; that really has nothing to do with the economic fundamentals, because RevPARs are still increasing, profits are up and a lot of the numbers are positive throughout California. It has been a fundamental shift from a buyer’s sentiment in terms of how they’re looking at deals and how they’re pricing them. We had a lot of turmoil in the public markets, as you know, in the first few months of 2016, and a lot of REITs have pulled out of the market, and a lot of lenders have pulled out of the market. So that’s created a disconnect between what buyers’ and sellers’ expectations are on pricing, which in turn has created a big drop in hotel sales volume.

Bob Braun: Now do you think this creates an opportunity for people? Or is the lack of lending and the lack of interest something that’s just going to continue through the rest of the year?

Published on:

 

Bill Blackham, President and CEO of Condor Hospitality Trust, speaks to Bob Braun, senior member of JMBM’s Global Hospitality Group® at JMBM’s 2016 Meet the Money® – the national hotel finance and investment conference. They discuss Condor’s transition from economy chain scale into select service, extended stay and limited service hotels,  RevPAR, and opportunities in the select service sector.

A transcript follows the video. See other videos in this series on the Jeffer Mangels YouTube channel.

Bob Braun: I’m with Bill Blackham of Condor Hospitality Trust. Bill, thanks very much for taking out the time to talk to us today. What are you currently working on? What’s Condor focused on these days?

Bill Blackham: Condor has been involved over the last year in a lot of different initiatives that involve the transition of the company from once being an economy chain scale-focused entity into a select service, extended stay and limited service hotel company, with a platform that is growing in that new investment strategy at the same time that we are divesting the old investment strategy hotels. Therefore, you have multiple things going on at the same time. Combined with a recent private placement of equity into the company with a new investor, it’s been a very busy time.

Bob Braun: So, what drove this shift from the economy (sector), up the ladder a little bit to the limited and select service?

Bill Blackham: I think that the potential for stock growth was far greater in the space that we’re now pursuing. One of the problems with the sector that the company had previously been in is that the average size hotel was very small. And in order to get to a very meaningful scale to justify being a public company, one would have to own four-, five-, six-hundred of those hotels, which is unwieldy from the standpoint of managing that platform.

I think that the platform that we’re going into also affords us the opportunity to have greater investor interest because it is a sector that continues to have above-industry growth in terms of demand, while at the same time is a space that has much higher margins than we are, as a company, traditionally in. So the higher margins combined with sort of a void in the space, the public company space of people that we’re going specifically after, the geographic markets that we’re pursuing, and the type of products that we’re pursuing really left an opportunity open to get highly accretive acquisitions.

Bob Braun: So this is an open space for you. Do you see yourself moving further? Do you see yourself ever developing into the full service area?

Published on:

13 June 2016

To maintain the confidentiality of hotel data, STR imposes certain restrictions on the hotels for which it will provide competitive set data. The Marriott-Starwood merger is shaking up the world of competitive sets with the result that many owners will need to revise the competitive sets specified in their hotel management agreements.

As Bob Braun explains in the article below, considering the need to identify appropriate hotels for new competitive sets, and negotiation of amendments to hotel management agreements, it would probably be wise to start now on this process.

 

STR Adopts New Competitive Set Guidelines – Impact on Owners

by
Bob Braun, Hotel Lawyer and Data Security Advisor

The importance of the competitive set

Many hotel management agreements contain performance test standards allowing an owner to terminate a management agreement if the hotel fails to meet specified guidelines, and most of those tests incorporate a “RevPAR Test” – whether the hotel’s revenue per available room is comparable with a set of competitive hotels, its “competitive set.” The RevPAR test typically allows an owner to terminate a management agreement if the hotel’s RevPAR fails to meet a specified percentage, or index, of the competitive set’s RevPAR. Competitive sets can also be used to determine incentive pay or for other measures of performance, as well as projections of potential performance.

The competitive set data is typically provided by a single source: STR, Inc. STR has established itself as a unique provider of supply, demand, and overall performance data for the hotel industry by collecting financial performance and other information from a vast number of hotels in the United States, and using that information to create anonymized measures of performance.

Published on:

10 May 2016

One of the great breakout sessions at our recent Meet the Money® hotel conference in Los Angeles was organized by my partner Bob Braun and moderated by Jeff Higley of HotelNewsNow. I was particularly impressed by the panel’s evidence of how costly cybersecurity breaches can be, how much can be done to prevent or limit exposure, and how reasonable the cost can be for a pro-active approach.

Here is Bob Braun’s summary of this panel last week in Los Angeles. This is a compelling call for an ounce of prevention. . .

 

5 Cybersecurity takeaways from Meet the Money®
by
Bob Braun, Hotel Lawyer and Data Security Advisor

Meet the Money® changes with the times, and the 2016 conference showcased the first panel on Cybersecurity in the hospitality industry – “Who’s Knocking at Your Digital Door,” featuring Bob Braun, from JMBM’s Global Hospitality Group and Co-Chair of the Firm’s Cybersecurity and Privacy Group; Bob Justus, of Optiv Security; Brad Maryman, from Maryman & Associates; Christian Ryan, from MARSH; and Kevin Shamoun, from Zeamster.  Jeff Higley, of STR/HotelNewsNow.com moderated the panel.

The panelists, representing technical, legal, law enforcement, insurance and payment systems, identified key cybersecurity challenges for the hospitality industry.  Five key takeaways were:

  • Compliance does not equal security. Each of the panelists agreed that while meeting legal and business requirements is essential, compliance does not necessarily achieve real cybersecurity — completing checkboxes on a task list or questionnaire is only a first step. The panelists noted that each of the major hotel breaches in the last year, which involved every major hotel chain, implicated point of service credit card systems that complied with industry standards.  Hotels and hotel companies need to look beyond complying with standardized requirements and have to evaluate their own risk profile and apply meaningful security plans.
  • Informed response is better than instant response. Too many organizations make the mistake of reacting before they think, especially when reporting a breach. Data breaches can be complicated matters, and it is essential to understand the scope of the breach, the data and individuals involved, and how a firm can remediate the source of the problem before disclosure. There is no question that speed is important, but some breaches do not require notification, while acting without ascertaining the facts can require multiple notifications, which is damaging to reputation and sends the wrong message.
  • Credit cards are not the only risk. While much focus is placed on the theft of credit card numbers, hotels must consider other risks. Hotels and hotel companies hold massive amounts of sensitive personal information that can be used to steal a guest’s identity.  Moreover, hotels need to consider more than data; the interconnection of systems means that breaking into a financial structure can give a hacker access to door locks, heating and air conditioning systems, electrical, plumbing and other key structural and physical parts of the hotel.  What would happen if a hacker flooded a hotel, or opened the doors?  This damage can far exceed the damage from lost credit cards, and cause untold damage to the hotel, its brand and owners.
