The international hotel group confirmed on Tuesday that hackers targeted its point-of-sale systems in hotel restaurants, cafes, bars, and stores with malware designed to collect “cardholder names, payment card numbers, security codes, and expiration dates.” However, it added that no addresses or card personal identification numbers had been stolen.
The breach occurred at Hilton hotels, which include others in its group such as Embassy Suites, Doubletree, Hampton Inn and Suites, Homewood Suites, Conrad Hotels & Resorts, and Waldorf Astoria Hotels & Resorts, over a 17-week period from November 18 to December 5, 2014, and April 21 to July 27 this year, the company said in a release, adding, “You may want to review and monitor your payment card statements” if you used a card during any of the dates mentioned.
The incident first came to light in September this year when high-profile security expert Brian Krebs reported that “multiple sources” in the banking industry had uncovered evidence of credit card fraud that suggested hackers had “compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton hotel” locations.
We’ve asked the company why it took so long to confirm to its customers a security breach that others appeared to be aware of several months ago and will update if we hear back.
Hilton on Tuesday advised its customers to contact their financial institution directly should they detect any irregular activity on their card statements.
In a bid to reassure visitors to its hotels, the company said it’d “further strengthened” its systems and was currently working with law enforcement to try to identify the hackers.
The point-of-sale systems of high-end hotel groups are clearly a popular target for hackers. Just last month the Trump hotel chain confirmed a year-long data hack while back in March Mandarin Oriental reported a malware attack at a number of its hotels around the world.
Editors' Recommendations
- Does your Mac need antivirus software in 2024? We asked the experts
- Bing Chat just beat a security check to stop hackers and spammers
- Lapsus$ hackers convicted of breaching GTA 6, Nvidia, and more
- Is ChatGPT creating a cybersecurity nightmare? We asked the experts
- Hackers may have stolen the master key to another password manager
