Norwalk, Connecticut-based HEI, which is privately held, said malware created to collect card data was found on HEI’s systems.
Advertisement
It remained unclear whether the breach had anything to do with a larger hack involving Oracle’s point-of-sales systems used by hotels and restaurants around the world.
Compromised PoS systems other U.S. hotel groups in recent years, including the Mandarin Oriental hotel group, the Hilton Worldwide hotel chain and the Trump Hotel Collection. It is now in the process of reconfiguring and enhancing the security protocols of its network and payment systems. Such high-profile hacks have encouraged retail industries in the United States to phase magnetic stripe cards out in favor of chip-based credit and debit cards, although rollout of the new system has been spotty as vendors are slow to buy the new terminals to read the chip cards.
The time frame of the breach varies by property, but runs from the beginning of March 2015 through the middle of June 2016.
HEI operates about five dozen hotels nationwide, also including the Holiday Inn Express Snowmass Village, but that property was not on the list of affected hotels. “If you did not make a credit or debit card purchase at a point-of-sale terminal at these locations during this timeframe your information was not impacted”.
The company says the breach has been contained and customers can safely use cards at all its properties.
It said it would cooperate with investigations by federal law enforcement. “Please accept our honest regret for any concern or frustration that this incident may cause”.
Advertisement
There were approximately 8,000 transactions at the Hyatt Centric Santa Barbara hotel in California during the time of the breach. The company will answer customer questions and provide them with more info via the following phone number: 888-849-1113. HEI said it worked with data forensic experts to investigate the data breach and moved payment card processing to a “stand-alone system” separate from the rest of the firm’s network. As a result, many thieves have moved on to target more lucrative information such as health care data.
