id2957582binary5100601057orig
Security

HEI Hotels reports point-of-sale terminals breach

HEI Hotels & Resorts has reported a possible compromise of payment card information at its point-of-sale terminals, the latest in a string of attacks on such systems at hotels, hospitals and retailers.

The company, which manages close to 60 Starwood, Hilton, Marriott, Hyatt and InterContinental properties, said it appears that malicious software was installed on the payment processing systems at certain properties, with the aim of harvesting the card data as it was routed through the systems.

The compromise may have possibly affected the personal information of some hotel customers who made payment card purchases at point-of-sale terminals, such as food and beverage outlets, at certain HEI managed properties.

HEI in Norwalk, Connecticut, did not specify how many people were likely to have been affected. The data compromised may have included payment card data, including name, payment card account number, card expiration date, and verification code, it said.

“We believe that the malware may have accessed payment card information in real-time as it was being inputted into our systems,” HEI said in a separate FAQ. It added that it does not store data like credit or debit card numbers of customers, or collect card personal identification numbers or social security numbers on its own systems.

The chain said it would not be contacting customers it thinks could be affected as it does “not collect or maintain sufficient information to locate and contact potentially affected customers.”

It said it would cooperate with investigations by federal law enforcement.

HEI spokesman Chris Daly said the company is working with credit card processors to obtain the exact number of unique card holders impacted. "Due to guests paying in multiple outlets during a stay or even visiting multiple times, or visiting multiple locations managed by HEI, an exact number is difficult to calculate. Furthermore, HEI does not store credit card details," he wrote in an email. The attacks at 20 properties were from March 2015 to June 2016.

Omni Hotels & Resorts in Dallas, Texas reported last month that malware hit point-of-sale systems at some of its properties, with an eye to pilfering payment card information. Hyatt Hotels, Target, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings, Neiman Marcus have also reported data breaches through their point-of-sale systems.

IDG Insider

PREVIOUS ARTICLE

« Best budget laptops: We rate the best-selling portables on Amazon and Best Buy

NEXT ARTICLE

Windows 10 Anniversary Update freezing on you? Microsoft's looking into it »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

International Women's Day: We've come a long way, but there's still an awfully long way to go

Charlotte Trueman takes a diverse look at today’s tech landscape.

Trump's trade war and the FANG bubble: Good news for Latin America?

Lewis Page gets down to business across global tech

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends

Poll

Do you think your smartphone is making you a workaholic?