Hilton hotels has reported a point of sales system (POS) malware attack similar to Starwood Hotels & Resorts’.
The hotel chain said that some of its systems had been attacked by malware, and that it has identified and taken action to eliminate it.
The company investigated the matter with third-party forensics experts, law enforcement, and payment card companies.
Specific card information including cardholder names, card numbers, security codes and expiration dates were exposed.
Hilton claimed that the malware was unable to access Hilton guests’ addresses or personal identification numbers (PINs).
In Starwood’s case, card numbers, security codes, and expiration dates were exposed by the malware.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataThe hotel chain also revealed that cards used at a Hilton Worldwide hotel between 18 November to 5 December 2014, or 21 April to 27 July 2015, will have had their information stolen.
Hilton Hotel said: "Hilton Worldwide is strongly committed to protecting customers’ payment card information, and we sincerely regret any inconvenience this may have caused customers."
HPE Security Enterprise Data Security global director Mark Bower said: "Once again with last night’s news of a payment card data breach at Hilton Hotels, we see that hospitality service providers face extraordinary challenges with customer data security at point of sale (POS).
"Card-on-file transactions are common, meaning card data is often stored longer to maintain customer bookings and for resort service charges after check-in.
"However it’s important to note, especially going into the busy holiday season, that hospitality organisations, as well as retailers and any businesses using POS systems, can avoid the impact of these types of advanced attacks."
Bower suggests companies encrypt the data in the card-reading terminal prior to using POS. He also recommends that POS should be isolated from other networks to avoid infection.