Card payment systems at 20 hotels around the USA, including Starwood, Marriott, Hyatt and Intercontinental locations, have been affected by a data breach that may have resulted in the theft of card data used in tens of thousands of transactions at food, drink, retail and other outlets, according to HEI Hotels & Resorts, which operates the hotels affected.
Advertisement
A new swathe of USA hotels has fallen prey to point-of-sale (PoS) malware which may have exposed customer financial data.
Hotel properties in cities including San Francisco, Chicago, Arlington and Washington DC were included in the data breach. The attacks at 20 properties were from March 2015 to June 2016.
The Connecticut-based firm said on Sunday that malware created to collect card data was found on its systems, Reuters reported.
According to a statement from HEI, those at risk would have used their credit or debit cards to pay for services at the hotel properties, such as purchasing food or drink. It is now in the process of reconfiguring and enhancing the security protocols of its network and payment systems.
“We take the security of personal information very seriously, and sincerely apologise for any inconvenience or concern this incident may cause”. Hyatt Hotels, Target, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings, Neiman Marcus have also reported data breaches through their point-of-sale systems. However, it’s hard to accurately calculate how many individuals or cards may be affected, he said, as multiple transactions may have legitimately been carried out on a single card.
Those who have stayed at these resorts will have to contact the hotel operator themselves if they believe their data is being used fraudulently due to the breach, as HEI says not enough information is stored to locate past customers.
HEI said the infection appeared to have gained access to card processing units following a hack of another part of the company’s computer network, and said it has now installed a payment processing system separate from the rest of the network.
Advertisement
Customers can ring a free number for advice, but no free credit monitoring – which has become something of a staple after a data breach involving customers – is yet on offer.
