Starwood Hotels reported that malware implanted on the point-of-sale systems at several of its properties may have exposed customer credit card data.
How many victims? The company said it does not have any information on whether or not the exposed information was actually taken. Fifty-four of Starwood’s 1,275 properties in the United States and Canada were affected.
What type of information? Credit card data from some customers.
What happened? A limited number of its hotels in North America were infected with malware, enabling unauthorized parties to access payment card data of some customers. This took place between November 2014 and October 2015.
What was the response? The malware was removed and customers are being notified. Starwood engaged a third-party forensic expert to investigate the breach. The expert found malware in the point of sale systems in certain restaurants, gift shops and other locations in a limited number of Starwood properties.
Details? Starwood said the malware’s intended target was to collect certain payment card information, including cardholder name, payment card number, security code and expiration date. The hotel chain does not believe other information, such as contact information or PINs, were compromised. The payment systems have been. The affected hotels have fixed the point of sale systems and taken steps to further safeguard customer payment card information.
Quote? ” Quickly after we became aware of the possible issue, we took prompt action to determine the facts. We have been working closely with law enforcement authorities and have been coordinating our efforts with the payment card organizations. – Sergio Rivera, Starwood President, The Americas
Source: Starwood Hotels