Payment Systems of Hilton Worldwide Hit by Malware
smh.com.au reported on 25th August, 2015, quoting Hilton Worldwide Holdings, hotel chain operator, with headquarter at Virginia, United States, as saying that in some payment systems they have found unauthorized malware, which targeted payment card information including in Australian hotels".
Hilton recently said that a third party has investigated and found that specific payment card information are targeted by malware, which included names of cardholder, expiry dates, security codes and payment card numbers.
The company further added that the targeted information does not have PINs (Personal Identification Numbers) or addresses.
As per Hilton, customers who have used their cards at some stage - from November 18 to December 5, 2014; or April 21 to July 27, 2015 - are suggested to verify their bank statements.
nbcnews.com published news on 24th November, 2015, quoting a statement of the company that "Hilton Worldwide is strongly committed to protect payment card information of customers, and we sincerely regret for any inconvenience caused to customers due to this".
smh.com.au published news on 25th August, 2015, quoting a Spokesperson of Hilton Worldwide Holdings on being asked about the breach in Australia, as saying "payment systems were impacted across our global portfolio during the date range and consumers should be cautious about their statements if they stay at one of our properties".
The Double Tree and Conrad hotel chains owner, however, did not give details on the number of affected cards.
The declaration came just few days after Starwood Hotels, which operates the Westin and Sheraton chains, said that the payment systems are infected by the hackers in few of its establishments, possibly leaking credit card data of customer.
As per Starwood, the hacking took place at "limited number" of its hotels in North America. Some of its other popular chains include W Hotels and St Regis.
Starwood said that forensic experts investigated and found malware in few gift shops, restaurants, and other points of sale systems at hotels.
securityweek.com published news on 25th November, 2015, quoting a statement of the group that "the malware was designed to collect certain payment card information including name of the cardholder, security code, payment card number and expiry date".
» SPAMfighter News - 11/30/2015