Luxury hotel chain Hilton has revealed that some of its payment systems were infected with malware built to steal targeted customer information.
Cardholder names, payment card numbers, security codes and expiration dates were among the information targeted by the malware, which infected POS (Point of Sale) systems in hotels.
However, no addresses or personal identification numbers (PINs) were stolen, Hilton added, saying that it quickly eliminated the malware, which was uncovered by a third-party investigation authorised by the company.
Anyone who thinks they may have been affected by the breach is being offered a year’s worth of free credit monitoring.
“On behalf of Hilton Worldwide, we sincerely regret any inconvenience related to our recent announcement that we identified and eradicated unauthorised malware that targeted payment card information in some point-of-sale systems at our hotels,” Jim Holthouser, Hilton’s executive vice president of global brands, wrote in a statement.
“You have my personal assurance that we take this matter very seriously, and we immediately launched an investigation and further strengthened our systems.”
The hack is the second to affect a major hotel chain in a matter of days, after Starwood Hotels revealed it had suffered a similar breach of its payment systems.
The company said 54 North American locations were compromised by point-of-sale malware, which was designed to steal payment card information including cardholder name, card number, security code and expiration date.
The breaches show that hospitality service providers face extraordinary challenges with customer data security at point of sale (POS), security experts have said.
“Point of sale (POS) systems – what consumers often call the checkout system – are often the weak link in the chain and the choice of malware,” said Mark Bower, HPE Security’s global director of product management, enterprise data security.
“Risks of theft from point of sale (POS) malware are totally avoidable. The good news is that savvy merchants are already tackling this risk and giving the malware nothing to steal through solutions that also have a dramatic cost-reducing benefit to PCI compliance. Encrypting the data in the card reading terminal ahead of the POS eliminates the exposure of live information in vulnerable POS systems. No live data means no gold to steal. Attackers don’t like stealing straw.”