Malware is nasty stuff and it seems that just about every month we hear about more hotels with their point of sale systems infected. Hyatt, Omni, and Starwood have all been victims in the past year. Today another list of properties has been released that have had point-of-sale security incidents this summer.
HEI Hotels & Resorts reports that the security threat was found at gift shops, restaurants, and other point of sale systems at the properties.
Information that may have been stolen –
Cardholder name, complete credit card number, and expiration date.
There is no evidence that pin numbers have been compromised.
Here’s a screenshot of the full list of hotels affected by the breach along with dates, from HEI Hotels’ notice to guests –
After the last Starwood breach, their press release stated that –
The affected hotels have taken steps to secure customer payment card information and the malware no longer presents a threat to customers using payment cards at Starwood hotels.
Interestingly, none of the hotels on Starwood’s list from November are on today’s list of breaches. That could be coincidence but maybe the modification made it tougher for scammers at those properties so they stayed away.
HEI Hotels says that they are –
promptly transitioning payment card processing to a stand-alone system that is completely separated from the rest of our network. In addition, we have disabled the malware and are in the process of re configuring various components of our network and payment systems to enhance the security of these systems.
I’d think that it would be somehow less expensive to be proactive and modify the systems across the board rather than have to call in a team to investigate at each individual property after a breach and then fix.
I don’t know much about the security process though. I’m guessing there is a cost involved that makes it prohibitive to just update all properties at once rather than those just affected by a breach, and maybe the scammers change their methods slightly each time.
As always, guests are being asked to review their credit card statements and contact their bank or card issuer if there is something out of the ordinary spotted.