Hilton hotel chain confirms data breach that exposed payment information

Shawn Knight

TechSpot Staff
Staff member

Hilton Hotels has confirmed a security breach that experts first suspected as early as August. The attacks – some dating back more than a year – involved malware loaded on point-of-sale systems in some of Hilton’s restaurants and gift shops.

The hotel chain said in a press release that it has identified and taken action to remove the malware, adding that it immediately launched an investigation into the matter and strengthened its systems to prevent against future attacks.

Working with law enforcement, third-party forensics experts and payment card companies, Hilton determined that payment information including cardholder names, card numbers, security codes and expiration dates were targeted. The company said addresses and personal identification numbers weren’t compromised.

The malware was active between November 18, 2014 and December 5, 2014, as well as between April 21 and July 27 of this year. Hilton refused to disclose how many cards were impacted, instead urging customers to review and monitor their payment card statements if they stayed at one of the hotel’s locations during the aforementioned period.

Hilton’s portfolio includes Hilton Hotels & Resorts, Waldorf Astoria Hotels & Resorts, Conrad Hotels & Resorts, Canopy by Hilton, Curio - A Collection by Hilton, DoubleTree by Hilton, Embassy Suites by Hilton, Hilton Garden Inn, Hampton by Hilton, Homewood Suites by Hilton, Home2 Suites by Hilton and Hilton Grand Vacations.

Hilton is offering those affected by the breach a free year of credit monitoring service through AllClear.

Permalink to story.



TS Evangelist
Wasn't it these blockheads that were forcing people and guests into using their extortionately priced wifi? If it was, it serves them right although the affected guests wound up getting a raw deal from them again.