New Point-of-Sale Malware Campaign hits Twenty US Hotels Making Customers’ Financial Data Vulnerable
Believe it or not, if you have stayed at any of the below listed 20 hotels in the United States, your financial data might be at severe risk of hacking. That’s because the 20 US-based hotels that are being operated by HEI Hotel and Resorts on behalf of Intercontinental, Hyatt, Marriot and Starwood, have been hit by advanced malware campaign. The malware has infected point-of-sale terminals of hotels in Arlington, Chicago, San Francisco and Washington DC.
This Point-of-Sale (P0S) malware is aimed at obtaining key financial details of the hotels’ customers. This malware has infected the P0S terminals and systems of 20 hotels. The systems were located at restaurants, bars, spas and shops at the hotels. According to experts, the financial details of customers visiting the hotels between 2015 and 2016 were at risk.
Moreover, the data that has become vulnerable includes payment card numbers, names, card expiry dates and verification codes. According to HEI, the company never stores credit card details but it is being speculated that credit card details have been captured as well by the malware. It is being believed so because of the presence of this information at point-of-sale terminals in real-time.
This malware was discovered in June while the HEI representative Chris Daly maintains that the company cannot identify how many customers were affected. The company, naturally, has issued an apologetic statement that reads:
“We take this matter and the security of personal information very seriously and we will continue to review and enhance our security measures to further secure our systems. Please accept our sincere regret for any concern or frustration that this incident may cause.”
Here is a full list of affected properties:
It must be noted that law enforcement authorities have already been notified about the malware attack. It has also been revealed that the attack has been contained and there is no further risk of any new attack. Currently, HEI is trying to install a completely new payment processing system that is not linked with the core computer systems/network.