Data breach hits Hilton Worldwide hotel chain

Hilton Worldwide says malware found its way onto point of sale (PoS) systems and enabled attackers to steal payment card information

Hilton Worldwide has become the latest hotel chain to reveal that it suffered a breach leaking the credit card information of guests.

Confirmation of the Hilton breach comes just days after Starwood Hotels – which owns Sheraton and Westin – alerted customers that some payment card data held by the group had been compromised.

In recent months, the Mandarin Oriental group, the Trump Hotel Collection, Hard Rock’s Las Vegas Hotel & Casino, the Las Vegas Sands casino, and FireKeepers Casino and Hotel have all been hit by data breaches that exposed the payment card details of customers.

Hilton Worldwide said the malware found its way onto point of sale (PoS) systems and enabled attackers to steal payment card information.

That stolen information includes cardholder names, payment card numbers, security codes and expiry dates.

Although the information does not include addresses and card personal identification numbers (PINs), the exposed data could enable attackers to create fake cards and make purchases online, by phone or mail order.

The company, which owns 4,500 hotels, has not disclosed how many could be affected by the hack, but has advised all previous customers who paid with credit cards to take precautions.

Hilton Worldwide did not say whether the breach included or was limited to compromised PoS devices inside franchised restaurants, coffee bars and gift shops in Hilton properties.

"Hilton Worldwide is strongly committed to protecting customers' payment card information, and we sincerely regret any inconvenience this may have caused customers," the company said in a statement.

As a precautionary measure, the hotel group advised customers to review and monitor their payment card statements if they used a payment card at a Hilton Worldwide hotel between 18 November and 5 December 2014, and between 21 April and 27 July 2015.

“Customers generally are not responsible for fraudulent activity on their payment cards, and should contact their financial institution directly if they notice any irregularities. They can also visit for more details, including how to receive one year of complimentary credit monitoring,” the company said.
