HEI Hotels hacked! Malware targets POS systems

Card payment systems at 20 hotels around the U.S., including Starwood, Marriott, Hyatt and Intercontinental locations, have been affected by a data breach that may have resulted in the theft of card data used in tens of thousands of transactions at food, drink, retail and other outlets, according to HEI Hotels & Resorts, which operates the hotels affected.

HEI says it found malware in its systems at 20 hotels across the country and says that data collection may have started as early as March 2015.

The malware may have stolen payment card data during tens of thousands of food, drink and other transactions. HEI Hotels stresses that all of the payment card processing systems at its hotel properties are safe to use.

Potentially affected customers are encouraged to check their account statements to look for unusual activity and to contact their card companies if they flag any suspicious purchases.

HEI said it has upgraded its payment process.

The Westin Philadelphia, located at 99 South 17th Street in Center City, was the only local hotel on the list.

“We believe that the malware may have accessed payment card information in real-time as it was being inputted into our systems”, HEI said in a separate FAQ.

It added that the affected California hotels included the Westin Pasadena, Renaissance San Diego Downtown Hotel, San Diego Marriott La Jolla, Hyatt Centric Santa Barbara and Le Meridien San Francisco.

The number of affected customers is hard to calculate because they used their cards multiple times.

According to HEI spokesman Chris Daly, the payment processing systems used in the hotels’ restaurants, shops and other facilities were breached, which was revealed two months ago.

“HEI was recently alerted to a potential security incident by its card processor”, the company said in an online notice.

For more information on the malware attack at HEI properties, visit the company’s website.

Both credit cards and debit cards typically come with a zero-liability policy, meant to protect consumers from fraudulent and unauthorized charges.

Credit HEI via ZDNet