A new data breach targeting 20 US hotels operated by HEI Hotels & Resorts for Starwood, Marriott, Hyatt and Intercontinental has been uncovered. The customer financial data associated with tens of thousands of transactions has been compromised thanks to point-of-sale (PoS) malware.
Discovered in June, the malware was found on PoS systems used at restaurants, bars, lobby shops, spas, and other facilities. The systems could have been infected for more than a year and in some cases back to March 2015.
Since customers used their cards on multiple occasions, it’s difficult for investigators to pinpoint the exact number of people affected. During the time period the systems were infected there were 8,000 transactions at the Hyatt Centric Santa Barbara and 12,800 at IHG Intercontinental in Tampa, for example.
According to HEI, the company doesn’t store credit card number information, so the hackers probably recorded data from PoS terminals in real time. The cyberthieves were able to steal names, account numbers, expiration dates, and verification codes for associated cards. Fortunately, PINs weren’t taken since the systems don’t collect them.
HEI have alerted federal authorities and installed new payment systems, but if you are worried you may have been one of the customers whose data was stolen, you can check the list of hotels here. If it turns out that you did stay at one of the affected hotels, it would be a good idea to cancel your credit card and check your statements for suspicious activity.