US hotel chain Hilton hit by computer malware, cautions customers

25 Nov 2015

US hotel chain Hilton revealed yesterday that its POS computer systems had been infected with malware that could steal credit card information.

Hilton did not disclose any instance of data theft, but advised that people who had used payment cards at Hilton Worldwide hotels between 18 November and 5 December of last year or 21 April 21 and 27 July of should watch for irregular activity on credit or debit card accounts.

Malicious code that infected registers at hotels could steal cardholders' details, including names card numbers, security codes and expiration dates, Hilton said in an online post.

According to Hilton, the breach was being investigated with help of third-party forensic experts, law enforcement agencies and payment card companies.

The announcement follows just days after Starwood Hotels, operator of the Sheraton and Westin chains, said that hackers had infected payment systems at a number of its establishments, potentially leaking customer credit card data.

The breach occurred only at a ''limited number'' of its hotels in North America, according to Starwood, which also operates other well-known chains like St Regis and W Hotels.

Starwood added that an investigation by forensic experts revealed that some restaurants, gift shops and other points of sale systems at hotels had been hit with malware.

''The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date,'' the group said in a statement.

"As a precautionary measure, customers may wish to review and monitor their payment card statements if they used a payment card at a Hilton Worldwide hotel" from 18 November to 5 December 2014 or 21 April to 27 July 2015, the company said.

While it was not clear whether the same malware targeted Starwood and Hilton, the pieces of information stolen were the same.

The Starwood attack occurred over the period from 7 November 2014 to 30 June 2015.