New Data Breach at These Starwood, Marriott, and Hyatt Hotels

Please note that I receive compensation for many links on this blog. American Express and other banks are advertising partners of this site. Read my Advertiser Disclosure policy to learn more.

Malware is nasty stuff and it seems that just about every month we hear about more hotels with their point of sale systems infected. Hyatt, Omni, and Starwood have all been victims in the past year. Today another list of properties has been released that have had point-of-sale security incidents this summer.

HEI Hotels & Resorts reports that the security threat was found at gift shops, restaurants, and other point of sale systems at the properties.

Information that may have been stolen –

Cardholder name, complete credit card number, and expiration date.

There is no evidence that pin numbers have been compromised.

Here’s a screenshot of the full list of hotels affected by the breach along with dates, from HEI Hotels’ notice to guests

Screen Shot 2016-08-15 at 1.36.52 PM

After the last Starwood breach, their press release stated that –

The affected hotels have taken steps to secure customer payment card information and the malware no longer presents a threat to customers using payment cards at Starwood hotels.

Interestingly, none of the hotels on Starwood’s list from November are on today’s list of breaches. That could be coincidence but maybe the modification made it tougher for scammers at those properties so they stayed away.

HEI Hotels says that they are –

promptly transitioning payment card processing to a stand-alone system that is completely separated from the rest of our network. In addition, we have disabled the malware and are in the process of re configuring various components of our network and payment systems to enhance the security of these systems.

I’d think that it would be somehow less expensive to be proactive and modify the systems across the board rather than have to call in a team to investigate at each individual property after a breach and then fix.

I don’t know much about the security process though. I’m guessing there is a cost involved that makes it prohibitive to just update all properties at once rather than those just affected by a breach, and maybe the scammers change their methods slightly each time.

As always, guests are being asked to review their credit card statements and contact their bank or card issuer if there is something out of the ordinary spotted.

Editorial Note: The opinions expressed here are mine and not provided, reviewed or endorsed by any bank, card issuer, or other company including (but not limited to) American Express unless otherwise stated. Comments made in response to posts are not provided or commissioned, and they have not been reviewed or endorsed by any bank. It is not the responsibility of any advertiser to make sure that questions are answered.
Unauthorized use and/or duplication of the material on this site without express and written permission from this blog’s author and/or owner is strictly prohibited.

Leave a reply

Your email address will not be published. Required fields are marked *