Offers Year of Credit Repair

Holiday Valley President and General Manager Dennis Eshbaugh has informed customers in a letter on the resort’s website of a data security breach.

The breach occurred between October 17, 2014 and June 2, 2015.

According to a question and answer (Q&A) section also posted on the website, “As soon as Holiday Valley Resort learned of the incident, we immediately engaged a third-party forensic service provider to conduct an investigation and implement additional security measures and notified the U.S. Secret Service and card payment processing companies, which, in turn, notified affected financial institutions. While the investigation…continues, the attack has been contained.”

The Q&A goes on to say that, “Holiday Valley Resort is unable to match account numbers with full contact information of affected guests,” so was not able to notify customers directly.  However, “affected financial institutions…may have contacted you directly.”

The letter is reprinted here in its entirety. Both it and the Q&A can be found at www.

Stay tuned to the Ellicottville Times and our Facebook page for updates.

Letter to Customers from Holiday Valley President Dennis Eshbaugh:

Dear Holiday Valley Customer:

I’m sorry to report that Holiday Valley was the victim of a data security breach between October 17, 2014 and June 2, 2015 at points of sale including food and beverage, recreation, retail and lodging.

Holiday Valley guests who used or visited the resort during this period and used a credit or debit card may have had their card information compromised. We encourage you to review your statements from that time period or contact your card issuer if you view any fraudulent activities.

As soon as we learned of the possible security breach we immediately launched an extensive investigation led by our independent computer consulting company and a third party to conduct a detailed forensic review. They have now removed the malware, and have taken steps to prevent it from reoccurring.

Holiday Valley deeply regrets any inconvenience caused by this criminal attack. We are offering one year of credit repair services to any guest whose credit has been harmed from this incident through AllClear Secure. Information on AllClear Secure will be posted on this website on June 17, 2015.

Your credit card issuer has also been made aware of this situation. Please contact your credit card issuer if you have any questions or concerns. They may take actions such as increasing their fraud monitoring of your card or issuing you a new card. If you suspect any unauthorized activity on your card, report it immediately to your card issuer. The policies of brands like Visa, MasterCard, American Express and Discover provide that you have no liability for any unauthorized charges, providing you report them in a timely manner.

You also have the option to place a fraud alert on your credit files. An “initial” fraud alert, which lasts for 90 days, requires potential creditors to use reasonable policies and procedures to verify a customer’s identity. To place an alert call one of these three credit reporting agencies:

Experian (888) 397-3742

Equifax (800) 525-6285

TransUnion (800) 680-7289

A free copy of your credit report is available by calling (877) 322-8228 or by visiting

For more information we have prepared a question and answer section for you here.

We are truly sorry for this situation. We take this issue very seriously and apologize for any inconvenience.


Dennis Eshbaugh

President and General Manager

Holiday Valley Resort