According to the hotel operator HEI Hotels & Resorts, malware put into place in at least 20 locations may have collected names, card account numbers, card expiration dates and verification codes.
Advertisement
Among the properties affected were Starwood’s Westin hotels in Minneapolis; Pasadena, California; Philadelphia; Snowmass, Colorado; Washington, D.C.; and Fort Lauderdale, Florida.
The number of affected customers is hard to calculate because they used their cards multiple times.
“Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on our payment processing systems at certain properties created to capture payment card information as it was routed through these systems”, it said it a statement.
A list of the affected hotels can be found here. It had been discovered in June on payment systems used at restaurants, bars, spas, lobby shops and other facilities at the properties, Chris Daly, a spokesman for HEI, said in e-mails and phone calls. It was active from March 1, 2015 to June 21, 2016, with 14 of the hotels affected after December 2, 2015, HEI said on its website.
The malware was active from March 1, 2015 through June 21 this year, and hit premises that include 12 Starwood hotels, 6 Marriott International locations, 1 Hyatt site, and 1 InterContinental hotel. It said it continues to cooperate with the law enforcement investigation and is coordinating with banks and payment card companies.
The company said that it does not collect guests’ credit card information to contact potential victims, but urges customers to check their account statements.
Norwalk, Connecticut-based HEI, which is privately held, said malware created to collect card data was found on HEI’s systems.
Retailers and other companies that deal with large numbers of credit cards have become popular targets for hackers looking to make a quick buck by collecting and selling the information on the internet in bulk.
The company is recommending that people who stayed at the affected properties closely review their credit and debit card statements for unusual activity, and immediately report any suspicious charges to their card issuers.
Advertisement
For more information, visit the HEI website.
