Numerous U.S. Hotels Experience Data Breach, Payment Card Data May Have Been Divulged

Malware designed to collect credit card information was detected on systems at 20 hotels

Numerous U.S. Hotels Experience Data Breach, Payment Card Data May Have Been Divulged
Image: Pixabay
August 15, 2016

A data breach has occurred at 20 U.S. hotels that may have exposed payment card information stored from tens of thousands of customer transactions.

The affected hotels are operated by HEI Hotels and Resorts for Starwood, Marriott, Hyatt, and Intercontinental, reports Reuters. One Hyatt, one InterContinental, and 12 Starwood hotels were affected, as well as six Marriott International properties.

The malware was active for more than a year, from March 1, 2015 until June 21, 2016. 14 out of the 20 hotels experienced a breach after December 2, 2015.

It is difficult to ascertain how many customers were affected because they may have used the same card for multiple transactions, said HEI spokesman Chris Daly. Approximately 8,000 transactions took place during the affected period at California's Hyatt Centric Santa Barbara hotel, for example, while roughly 12,800 occurred at the IHG Intercontinental in Tampa, Florida.

Although hackers may have obtained much information from the HEI systems, it could have been worse. "HEI said outside experts investigated the breach and determined that hackers might have stolen customer names, account numbers, payment card expiration dates and verification codes," said Reuters. "The hackers did not appear to have gained PIN codes, since those are not collected by its system."

Federal authorities have been informed, and HEI is now using a new payment processing system separate from other parts of its network in an effort to prevent similar breaches from recurring.

The affected properties include Starwood's Westin hotels in Minneapolis, Pasadena, Philadelphia, Washington, D.C., Fort Lauderdale, and Snowmass, Colorado; other Starwood properties in Arlington, San Francisco, Miami, Nashville, and Manchester Village, Vermont; and Marriott properties in Minneapolis, San Diego, Dallas-Fort Worth, and Boca Raton, Florida.

"The breach follows similar attacks at Hyatt Hotels Corp (H.N) and Starwood Hotels & Resorts Worldwide Inc (HOT.N) in recent months," says Reuters.