Hilton Worldwide disclosed that it had found that malware had
targeted payment card information on some third-party point-of-sale systems. Two
breaches allowed unauthorized parties to access cardholder names, card numbers,
payment card numbers, security codes and expiration dates.
Hilton worked with third-party forensic experts, law
enforcement and payment card companies to determine which information was
targeted, but it did not disclose which of its almost 4,500 hotels were
affected. The company is cautioning customers to review and monitor card
statements if they used payment cards at any hotel in the Hilton portfolio from
Nov. 18 to Dec. 5, 2014, or from April 21 to July 27, 2015.
“You have my personal assurance that we take this matter
very seriously, and we immediately launched an investigation and further
strengthened our systems,” executive vice president of global brands Jim
Holthouser said in a statement on Hilton’s site. The breach hasn’t affected the
guest reservation system.
If Tuesday’s announcement conjured déjà vu, it’s because
Hilton is only one of a number of major hoteliers to come forward with similar
disclosures recently. Last week, Starwood Hotels & Resorts Worldwide announced
breaches at 54 of its properties, where malware also targeted card payment
information on point-of-sale systems.