Another Hotel Chain Gets Hit: Hilton Reports Payment Card Breach

Another popular hospitality service provider has reported a breach, less than a week after the Starwood Hotel & Resorts data breach. Hilton Worldwide announced that it removed malware found in their point of sale (PoS) systems at restaurants and shops in certain Hilton hotels, including Waldorf Astoria, Embassy Suites, and Hampton Inn and Suites. Customers who used their payment cards between November 18 and December 5, 2014, or April 21 and July 27, 2015, may be affected by the info-stealing malware.

Like in the Starwood Hotels incident, Hilton customers’ personal information such as cardholder names, payment card numbers, security codes, and expiration dates are believed to have been compromised by the PoS malware, but no addresses or personal identification numbers (PINs) were affected. According to the company’s FAQ, Hilton initially identified the malware through its information security systems and processes. Management is currently working toward strengthening their security system and getting to the bottom of the attack through the help of third-party forensics experts, law enforcement, and payment card companies. The hotel chain is also offering a year of free credit monitoring services.

The malware responsible for the intrusion on the Hilton payment system and the extent of the attack has yet to be identified. Meanwhile, Trump Hotel Collection also suspects a card breach in its hotels and is investigating the matter.

Although small and medium-sized businesses were hit hard by breaches in the third quarter of this year, the recent data breach reports in hotel chains reflect the continuing uptick in the use of PoS malware to steal payment card data from large-scale enterprises.

[READ: Why PoS malware will continue to be a threat]

Last October, in high hopes of counteracting credit card fraud, the US has mandated a liability shift that forces credit card issuers and businesses to adopt more secure EMV credit cards.

[READ: Frequently asked questions on EMV cards]

Cardholders who may be affected are advised to review card statements regularly to catch any unauthorized activity, and to immediately report any unauthorized purchases or activity to their respective card issuers.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.