Dive Brief:
-
Hilton Worldwide Holdings Inc said it identified unauthorized malware in some payment systems that targeted payment card information.
-
A third-party investigation found that the malware targeted specific payment card information, that included cardholder names, payment card numbers, security codes and expiration dates, Hilton said.
-
The information targeted, however, did not include addresses or personal identification numbers, the company said.
Dive Insight:
Hilton identified the time period Nov. 18 to Dec. 5, 2014 or April 21 to July 27, 2015, but did not provide details on the number of cards affected.
The announcement comes on the heels of a similar announcement from Starwood Hotels & Resorts Worldwide Inc., which said that 54 of its hotels in North America had been infected with a malware designed to collect payment card data between November 2014 and October 2015. The company said the affected payment systems were at the restaurants, gift shops and other places in certain hotels.
Several hotel chains have been victims of cyber attacks over the last several months, and the FTC is currently pursuing a lawsuit that would hold Wyndham Worldwide Corp. accountable for data breaches that occurred in 2008 and 2009, wherein 619,000 customers had personal data, including credit card information, stolen. The stolen data was then used to rack up over $10 million in fraudulent charges.
