Major hotel operator HEI Hotels and Resorts reported on Monday that 20 U.S. hotels it runs have suffered a major data breach that may have divulged customer bank card data.
The breach appears to have hit 20 HEI Hotels, and in most cases, the malware appears to have been active from December 2, 2015 to June 21, 2016.
“We take this matter and the security of personal information very seriously and we will continue to review and enhance our security measures to further secure our systems”, the firm said.
Retailers and other companies that deal with large numbers of credit cards have become popular targets for hackers.
HEI says the malware had the ability to collect credit card data in real time, as the PoS system was processing the information. It’s hard to determine how many customers were affected because they may have used their cards a number of times.
The malware was discovered in early to mid-June on payment systems used at restaurants, bars, spas, lobby shops and other facilities at the properties, Chris Daly, a spokesman for HEI, said in emails and phone calls.
A Center City hotel is among 20 properties across the United States that may have been compromised by a data breach.
HEI in Norwalk, Connecticut, did not specify how many people were likely to have been affected. If you notice anything from the hotel that doesn’t look right to you, contact your bank or credit card company.
“HEI was recently alerted to a potential security incident by its card processor”, the company said in a statement. HEI said they’ve corrected the problem and it’s safe to use cards at their hotels. Relevant law enforcement was also notified of the breach. The list of affected properties, including the Boca Raton Marriott and The Westin Washington, D.C., for example, and the data breach periods can be found here.
As with any breach, consumers are not liable for fraudulent charges on their credit cards.