Hilton Investigates Major Card Security Breach Claims

Hilton Worldwide confirmed it is investigating a report that claimed a large number of point-of-sale devices at gift shops and restaurants within its hotels across the US have been hacked, amid indications the incident may have begun as early as last year.

“The possibility of fraudulent credit card activity is all too common for every company in today’s marketplace,” Hilton said in a statement. “We take any potential issue very seriously, and we are looking into this matter.”

Card breach

Security journalist Brian Krebs, who has disclosed a number of high-profile data breaches, said in a report published late on Friday that unnamed sources at five banks determined an earlier credit-card industry breach alert pertained to Hilton properties.

Visa, which issued the original confidential alert to financial institutions in August, doesn’t name entities affected by such breaches in its notifications.

However, the point-of-purchase devices affected in the breach were all used at Hilton properties, including flagship locations, Embassy Suites, Doubletree, Hampton Inn and Suites and Waldorf Astoria Hotels & Resorts, according to Krebs’ sources.

Point-of-sale hack

The original alert indicated that the breach extended from April 21 to July 27 of this year, but the incident may have begun as early as November 2014, and may be ongoing, according to Krebs, who cited unnamed sources in the financial industry.

As has been the case in other recent credit-card breaches at major hotel chains, including those at Mandarin Oriental and White Lodging, the incident doesn’t involve the payment systems of the hotel itself, but only point-of-sale devices within franchised restaurants, coffee bars and gift shops within the properties.

It isn’t yet known how many properties may have been affected, according to Krebs. Hilton Worldwide declined to elaborate on its statement.

Are you a security pro? Try our quiz!