Malware is believed to have infiltrated point-of-sale (POS) terminals and compromised customers' payment card information at 20 HEI Hotels & Resorts locations.
On 12 August, the hotel chain that operates Starwood, Marriott, Hyatt, and Intercontinental posted a message on its website about the incident. It reads as follows:
"Unfortunately, like many other organizations, we recently became aware that several of our properties may have been the victim of a security incident that could have affected the payment card information of certain individuals who used payment cards at point-of-sale terminals, such as food and beverage outlets, at some of our properties. We take very seriously our responsibility to keep our customers’ information secure, and have mounted a thorough response to investigate and resolve this incident, bolster our data security, and support our customers. We are pleased to report that the incident has now been contained and individuals can safely use payment cards at all of our properties. We are sorry for any concern or frustration that this incident may cause."
The malware affected a total of 12 Starwood hotels, six Marriott resorts, and one location of Hyatt and Intercontinental each. Those properties are located around the United States, with many based in large cities and popular tourist destinations.
According to its "Notice of Data Breach" letter, the company first found out about the breach after its card processor said it had detected suspicious activity on HEI customers' payment cards.
The hotel chain launched an investigation into the incident and found that malware had compromised some of its POS systems.
At this time, it's unclear how many people might have been affected by the breach. Chris Daly, a spokesman for HEI, told Reuters the malware was active from March 1, 2015 to June 21, 2016, with 14 of the hotels' POS systems infected after 2 December, 2015. In that time period, Daly says approximately 8,000 transactions occurred at the Hyatt Centric Santa Barbara hotel in California, with another 12,800 processed at the IHG Intercontinental in Tampa, Florida. It's only reasonable to assume the malware exposed all of those transactions and accessed card information as customers entered it into the payment processing systems.
In response to the incident, HEI Hotels & Resorts notified federal law enforcement and is supporting their investigation into the breach. The hotel chain also disabled the malware and revamped the security of its payment processing system.
This is not the first time Starwood and Hyatt locations have encountered malware on their payment processing systems. Back in November 2015, news broke about how 50 Starwood locations found malware on their payment systems. Approximately a month later, Hyatt Hotels announced it was investigating malware found on its POS terminals.
Any Starwood, Hyatt, or other HEI customers who believe their payment cards might have been affected by this round of POS malware should watch their credit reports for suspicious activity. If they find anything that's out of place, they should file a police report.
Comments
BinaryHedgehog - 8 years ago
This is why the best way to pay for anything is with cash. That way, not information can be revealed.
ScathEnfys - 8 years ago
This is why I use credit and not debit... I don't give a whit if hackers know my name and billing address (I own domains so that is public information), but I don't want to give them a direct line to my bank account that I am liable for.