Thu, Nov 26, 2015 - Page 14 News List

Hackers hit Hilton hotels to steal credit card data

INDUSTRY-WIDE:The disclosure of the cyberattack, which used malware, follows similar cyberattacks against the Starwood and Trump Hotel Collection chains recently


US hotel chain Hilton on Tuesday revealed that hackers infected some of its point-of-sale computer systems with malware crafted to steal credit card information.

Hilton would not disclose whether data was taken, but advised anyone who used payment cards at Hilton Worldwide hotels between Nov. 18 and Dec. 5 last year, or between April 21 and July 27, to watch for irregular activity on credit or debit card accounts.

Malicious code that infected registers at hotels had the potential to take cardholders’ names along with card numbers, security codes and expiration dates, Hilton said in an online post.

Hilton said that it is investigating the breach with the help of third-party forensics experts, law enforcement and payment card companies.

The announcement came just four days after Starwood Hotels, which operates the Sheraton and Westin chains, said that hackers had infected payment systems in some of its establishments, potentially leaking customer credit card data.

The hack occurred at a “limited number” of its hotels in North America, according to Starwood, whose other well-known chains include St Regis and W Hotels.

Starwood said that an investigation by forensic experts concluded that malware was detected in some restaurants, gift shops and other points of sale systems at hotels.

“The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date,” the group said in a statement.

The cyberattacks on Hilton and Starwood sounded similar to one disclosed last month by Trump Hotel Collection.

“We believe that there may have been unauthorized malware access to some of the computers that host our front desk terminals and payment card terminals in our restaurants, gift shops and other point-of-sale purchase locations at some hotels,” Trump Hotel Collection said.

The access might have taken place between May 19 last year and June 2 this year, Trump Hotel Collection said.

Locations affected were listed as Trump SoHo New York, Trump National Doral, Trump International New York, Trump International Chicago, Trump International Waikiki, Trump International Hotel & Tower Las Vegas and Trump International Toronto.

An independent forensic investigation did not turn up evidence that customer information was removed, but not was provided by Trump hotels in “an abundance of caution,” according to Trump hotels.

Data targeted by the malware appeared to include account numbers, card expiration dates and security codes.

Cyberthreats blogger Brian Krebs at placed fault on slow adoption in the US of encrypted chip technology on payment cards that provide more protection for data than magnetic strips.

This story has been viewed 2124 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top