Hackers have attacked 20 hotels in the US run by HEI Hotels and Resorts with a targeted malware. The hotels included 12 Starwood, six Marriott, one Hyatt and one InterContinental.
The cyber-attack likely resulted in the theft of the personal and financial information of thousands of customers. HEI confirmed that the breach was discovered in June and the malware was targeting POS (point-of-sale) systems.
Stolen information would have included card information including customers' names, payment card account numbers, card expiration dates and verification codes. The malware was active for over a year, from 1 March 2015 to 21 June 2016.
At this time, it's unclear how many customers were affected by the breach. A full list of the affected hotels can be found here.
HEI apologised to customers, saying the “incident has now been contained and individuals can safely use payment cards at all of our properties”.
HEI advises customers who used payment cards during the malware's active time period to review their card statements for unusual activity as soon as possible and notify the card issuer immediately if they see suspicious activity.
In an email to SCMagazineUK.com, Ken Bechtel, malware research analyst at Tenable Network Security said, “The latest string of point-of-sale (POS) malware attacks on retail and hospitality systems is indicative of the evolving threat environment. Mobile devices have become one of the largest growing threats for malware, and storing credit card data in various e-wallets, and in some cases apps, such as those used in fast service coffee shops, provides a lucrative target for profit-driven malware authors.
“Unfortunately, many companies struggle to keep up on security due to staff shortages, or a lack of proper tools to look for and identify abnormal network activities that could indicate a new piece of malware on the network. Although one-hundred percent prevention is unrealistic, having complete visibility into the overall security posture will help organisations lessen the risk of exposure to customers and detect vulnerabilities earlier.”