Hotel operator HEI Hotels & Resorts has revealed that several of its properties may have recently fallen victim to a security breach involving its point-of-sale (POS) terminals (the kind used in gift shops, restaurants and so forth).

An extensive forensics investigation found malicious software on its payment processing systems that was designed to steal payment card information. Data potentially at risk includes user names, account numbers, card expiration dates and verification codes.

HEI says that 20 of its various locations were hit including Marriott, Hyatt, Le Meridien, Intercontinental, Sheraton and Westin brands. The full list of properties, their addresses and dates affected can be found by clicking here.

The company said it has since removed the malware and is in the process of reconfiguring various components of its network and payment systems to enhance its overall security. HEI has law enforcement involved and is working with banks and payment card companies on the matter, adding that customers can once again safely use payment cards at all of its properties.

Those who may be impacted by the breach are encouraged to review credit and debit card account statements to look for unusual activity. If something suspicious is found, users should contact their card issuer immediately to resolve the matter. HEI has also published an “Information About Identity Theft Protection” reference guide to further educate users about identity theft.

Image courtesy Brian A Jackson, Shutterstock