Despite recent promises by the hotel industry to tackle the damaging issue of malware attacks targeting its point-of-sale systems, it seems the cybercriminals are always able to stay one step ahead.
On Monday, HEI Hotels and Resorts, which operates a number of high-end locations for the likes of Starwood, Marriott, Hyatt, and Intercontinental, said a data breach had hit 20 of its hotels in the U.S.
It was discovered in June on payment systems used by hotel facilities such as restaurants, bars, spas, and lobby shops, HEI spokesperson Chris Daly told Reuters.
The company said the attack could’ve given hackers access to “the payment card information of certain individuals who used payment cards at point-of-sale terminals, such as food and beverage outlets, at some of our properties.”
Information on the specific hotels hit by the malicious software, and when it was active, has been laid out on a special webpage posted by the company so customers can check if they may have been caught up in the attack.
The malware was active from March 1, 2015 through June 21 this year, and hit premises that include 12 Starwood hotels, 6 Marriott International locations, 1 Hyatt site, and 1 InterContinental hotel.
Tens of thousands of transactions took place on the hotels’ targeted point-of-sale terminals, though Daly said it was currently hard to say how many customers had been hit as a single card may have been used multiple times by its owner.
About 8,000 transactions occurred during the affected period at the Hyatt Centric Santa Barbara hotel in California, for example, and about 12,800 at the IHG Intercontinental in Tampa, Florida, Daly told Reuters.
In a statement, HEI offered the usual assurances about taking its responsibility “very seriously,” adding that it has “mounted a thorough response to investigate and resolve this incident, bolster our data security, and support our customers.” The company offers an FAQ page on the incident here.
Cybercriminals who manage to nab credit card data often try to sell it via illicit hacking forums, with buyers hoping to use it for online shopping sprees or to withdraw money from bank accounts.
- Hackers expose personal details of 10 million MGM hotel guests
- Marriott faces $123M fine for huge data breach that targeted millions of guests
- Marriott asking guests for data to see if they were victims of the Starwood hack
- InterContinental confirms hotels affected by malware that steals card data
- Trump hotels reportedly hit by second data breach in 12 months