What is the consequence of a Compromised Data Event or Data Security Event for Even Hotels?

• 4.4 Your Compromised Data Event. If a Compromised Data Event (as defined in Section 4.8) occurs or is suspected to have occurred, you must, at your own expense: (a) perform or cause to be performed an independent investigation, including a forensics analysis performed by a certified forensic vendor acceptable to us and the Card Organizations in accordance with Card Organization standards, of any data security breach of Cardholder data or Transaction Data; (b) provide a copy of the certified forensic vendor's final report regarding the incident to us and the Card Organizations; (c) perform or cause to be performed any remedial actions recommended by any such investigation; and (d) cooperate with us in the investigation and resolution of any security breach. Notwithstanding the foregoing, if required by a Card Organization, we will engage a forensic vendor approved by a Card Organization at your expense. You must cooperate with the forensic vendor so that it may immediately conduct an examination of your equipment and other Merchant Systems, and your and Merchant Providers' procedures and records, and so that it may issue a written report of its findings.
• 4.5 Our Data Security Event. If we are determined by a Card Organization to have breached our data security obligations under Applicable Law or the Card Organization Rules, resulting solely from our independent acts or omissions which results in the actual, unauthorized disclosure of personally identifiable consumer information, including but not limited to Cardholder data that is submitted to us by you hereunder, (a “Data Security Event”), we will be responsible for performing each of the actions set forth in subparts (a) and (c) of Section 4.4.

Source: Item 23 — RECEIPTS (FDD pages 99–438)