Hotels in 10 states and the District of Columbia could be victims of a new data breach. Hotel operator HEI Hotels & Resorts said malware was found in 20 locations, and may have collected personal information on guests such as names, payment card numbers and verification codes.
The breach is estimated to have begun in December and was carried out through June, though HEI suspects some properties may have been infected with malware since March 2015. The hack primarily targeted food & beverage outlets in the hotels.
"We are treating this matter as a top priority, and took steps to address and contain this incident promptly after it was discovered," HEI said in a statement.
Malware designed to collect card data was found on systems for HEI Hotels & Resorts for Starwood, Marriott, Hyatt... https://t.co/jKn9ezU2Eu— Social Hax (@socialhax) August 15, 2016
Once HEI discovered the breach, payment card processing was transferred to a stand-alone system apart from the rest of the company's network, and the malware was removed. The company is also increasing the security of its network, and is working with law enforcement, banks and credit card companies.
HEI said in a statement that the breach is fully contained, and customers are now free to safely use credit cards at all of HEI's properties. However, in the interest of transparency, HEI also provided an FAQ to guests and operators detailing the hack and what they should do in response. The full list of affected properties can be found here, and include hotels in Florida, Texas, Vermont, Illinois, California, Virginia, Tennessee, Minnesota, Colorado, Pennsylvania and Washington, D.C.