In-brief: Twenty US hotels operated by HEI Hotel & Resorts on behalf of Starwood, Marriott, Hyatt and Intercontinental are the victims of a hack focused on point of sale systems, media reports say.
ZDNet and other outlets are reporting that the string of attacks on point of sale (POS) systems operating in leading hotels has expanded to include twenty US hotels operated by HEI Hotel & Resorts on behalf of Starwood, Marriott, Hyatt and Intercontinental.
The hotels “may have leaked the financial data of customers due to malware installed at PoS terminals and systems, including at bars, restaurants, spas and shops.”
Hotel properties in cities including San Francisco, Chicago, Arlington and Washington DC were included in the data breach. Malware was active at different stages depending on the property, but customer data was exposed between 2015 and 2016.
This is just the latest high-profile hotel chain to suffer a breach. In November, Starwood Hotel admitted that it was the victim of a malicious software infection on point of sale (POS) systems at restaurants. In September 2015, The Trump Hotel Collection disclosed a similar incident, beginning in May, 2014 and running through June, 2015, that resulted in “unauthorized malware access” to computers that host the hotel’s “front desk terminals and payment card terminals in our restaurants, gift shops and other point-of-sale purchase locations at some hotels managed by the Trump Hotel Collection.”
As with the Starwood incident, attackers made off with card data including payment card account number, card expiration date and security code. In some cases, card holder first and last name may also have also been pilfered.
Read more at ZDNet: 20 top US hotels hit by fresh malware attacks | ZDNet