Hilton Worldwide has become the latest hotel chain to reveal that it suffered a breach leaking the credit card information of guests.
Confirmation of the Hilton breach comes just days after Starwood Hotels – which owns Sheraton and Westin – alerted customers that some payment card data held by the group had been compromised.
In recent months, the Mandarin Oriental group, the Trump Hotel Collection, Hard Rock’s Las Vegas Hotel & Casino, the Las Vegas Sands casino, and FireKeepers Casino and Hotel have all been hit by data breaches that exposed the payment card details of customers.
Hilton Worldwide said the malware found its way onto point of sale (PoS) systems and enabled attackers to steal payment card information.
That stolen information includes cardholder names, payment card numbers, security codes and expiry dates.
Although the information does not include addresses and card personal identification numbers (PINs), the exposed data could enable attackers to create fake cards and make purchases online, by phone or mail order.
The company, which owns 4,500 hotels, has not disclosed how many could be affected by the hack, but has advised all previous customers who paid with credit cards to take precautions.
Hilton Worldwide did not say whether the breach included or was limited to compromised PoS devices inside franchised restaurants, coffee bars and gift shops in Hilton properties
"Hilton Worldwide is strongly committed to protecting customers' payment card information, and we sincerely regret any inconvenience this may have caused customers," the company said in a statement.
As a precautionary measure, the hotel group advised customers to review and monitor their payment card statements if they used a payment card at a Hilton Worldwide hotel between 18 November and 5 December 2014, and between 21 April and 27 July 2015.
“Customers generally are not responsible for fraudulent activity on their payment cards, and should contact their financial institution directly if they notice any irregularities. They can also visit hiltonworldwide.com/guestupdate for more details, including how to receive one year of complimentary credit monitoring,” the company said.
Read more about PoS malware
- The theft of credit card data from the Mandarin Oriental hotel group highlights the security risk of legacy point of sale (POS) systems.
- A family of improved malware is targeting retailers’ point of sale (PoS) systems, say researchers.
- Cyber criminals will ramp up attacks on point of sale (POS) systems, according to the 2015 cyber trends and threat analysis by Verisign.
- The compromise of point-of-sale (POS) system supplier Nextep highlights the need to update legacy systems.