Data breach hits top California hotels

16 Aug 2016

Credit card users at 20 Hyatt, Sheraton, Marriott, Westin and other hotels in the District of Columbia, California and nine other states might have had their cards compromised due to a hack of the hotels' payment system. The number of people affected had not been disclosed.

According to hotel operator HEI Hotels & Resorts, malware that hit systems at 20 locations including five in California, might have collected names, payment card account numbers, card expiration dates and verification codes.

Data from customers might have been collected from early December through late June, HEI said adding and at some properties data collection might have started as early as March 2015.

"We are treating this matter as a top priority, and took steps to address and contain this incident promptly after it was discovered," HEI said in a press release.

It added, the affected California hotels, included the Westin Pasadena, Renaissance San Diego Downtown Hotel, San Diego Marriott La Jolla, Hyatt Centric Santa Barbara and Le Meridien San Francisco.

According to HEI, once it found out about the problem, it transitioned payment card processing to a stand-alone system that was completely separate from the rest of its network. It disabled the malware and was in the process of reconfiguring various components of its network and payment systems to make them more secure.

HEI said, "unauthorised individuals" installed malware on its payment processing systems that that could capture payment card information at the point of purchase at some properties.

It remained unclear whether the breach had anything to do with a larger hack involving Oracle's point-of-sales systems used by hotels and restaurants around  the world. The systems were run by MICROS, which Oracle acquired in 2014.