Tens-of-thousands of card details put at risk in hotel hack
Marriott, Hyatt, Starwood and IHG hit by POS malware
Customers at 20 US hotels may have had their credit card details exposed to hackers after malware was discovered on the properties' point-of-sale (POS) systems.
The hotels are run by a hotel management business, HEI Hotels and Resorts, but operate under big-name brands like Marriott, Hyatt and InterContinental Hotels Group (IHG).
According to a statement from HEI, those at risk would have used their credit or debit cards to pay for services at the hotel properties, such as purchasing food or drink. The organisation has not stated whether or not POS transactions for accommodation have been affected.
Data stolen could include customer names and card account numbers, expiration dates and three-digit verification (CSV/CVV) codes.
The company added: "HEI was recently alerted to a potential security incident by its card processor. Based upon an extensive forensic investigation, it appears that unauthorised individuals installed malicious software on our payment processing systems at certain properties designed to capture payment card information as it was routed through these systems."
HEI is treating the incident as "top priority" and has managed to disable the malware. It is now in the process of reconfiguring and enhancing the security protocols of its network and payment systems. Law enforcement has also been informed.
Chris Daly, a spokesman for HEI, told Reuters over 20,000 transactions may have been affected by the malware. However, it's difficult to accurately calculate how many individuals or cards may be affected, he said, as multiple transactions may have legitimately been carried out on a single card.
IT Pro contacted the affected hotel chains but had not received a response at the time of publication. However, a full list of affected properties can be found here.
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Trends in modern data protection
A comprehensive view of the data protection landscapeDownload now
How do vulnerabilities get into software?
90% of security incidents result from exploits against defects in softwareDownload now
Delivering the future of work - now
The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.Download now