HEI apologised to customers, saying the “incident has now been contained and individuals can safely use payment cards at all of our properties”.
Advertisement
In the latest major hospitality breach, 20 hotels run by HEI Hotels and Resorts, including Hyatt, Marriott, Starwood and Intercontinental properties, have been hit with point-of-sale malware.
“We believe the malware could have affected payment card data – including name, payment card account number, card expiration date and verification code – of customers who used a payment card at point-of-sale terminals at the affected properties”, the hotel group said. The breach impacted customers who spent money at the hotel from March 1 of 2015 to June 8 of 2016.
A list of hotels provided by HEI shows some properties were impacted by the malware as early as March of a year ago.
According to a Reuters report, hotels under attack include Starwood, Marriott, Hyatt and Intercontinental – all part of the HEI Hotels & Restaurants. A full list of the affected hotels can be found here. The company also switched to a standalone payment processing system to separate PoS transactions from the rest of its network. A couple years ago, massive breaches involving the thefts of millions of card numbers at retailers such as Target, Home Depot and Neiman Marcus grabbed headlines. If you do know something is not right contact your credit card company or your bank as soon as possible.
Anyone who used a card at HEI hotels in the given time frame should review their account statements.
Tens of thousands of transactions took place on the hotels’ targeted point-of-sale terminals, though Daly said it was now hard to say how many customers had been hit as a single card may have been used multiple times by its owner.
Advertisement
As with any breach, consumers are not liable for fraudulent charges on their credit cards. And once a breach such as this is disclosed, as a precaution, banks will often automatically issue new cards to any of their customers that potentially could be affected.
