HEI Hotels hit with data breach

Hotels in 10 states and the District of Columbia could be victims of a new data breach. Hotel operator HEI Hotels & Resorts said malware was found in 20 locations, and may have collected personal information on guests such as names, payment card numbers and verification codes.

The breach is estimated to have begun in December and was carried out through June, though HEI suspects some properties may have been infected with malware since March 2015. The hack primarily targeted food & beverage outlets in the hotels.

"We are treating this matter as a top priority, and took steps to address and contain this incident promptly after it was discovered," HEI said in a statement.

Virtual Event

HOTEL OPTIMIZATION PART 2 | SEPTEMBER 10 & 24, 2020

Survival in these times is highly dependent on a hotel's ability to quickly adapt and pivot their business to meet the current needs of travelers and the surrounding community. Join us for Optimization Part 2 – a FREE virtual event – as we bring together top players in the industry to discuss alternative uses when occupancy is down, ways to boost F&B revenue, how to help your staff adjust to new challenges and more, in a series of panels focused on how you can regain profitability during this crisis.


Once HEI discovered the breach, payment card processing was transferred to a stand-alone system apart from the rest of the company's network, and the malware was removed. The company is also increasing the security of its network, and is working with law enforcement, banks and credit card companies.

HEI said in a statement that the breach is fully contained, and customers are now free to safely use credit cards at all of HEI's properties. However, in the interest of transparency, HEI also provided an FAQ to guests and operators detailing the hack and what they should do in response. The full list of affected properties can be found here, and include hotels in Florida, Texas, Vermont, Illinois, California, Virginia, Tennessee, Minnesota, Colorado, Pennsylvania and Washington, D.C.

Suggested Articles

The agreement will extend Agilysys customers’ access to contactless global omnichannel payments.

During a conference call hosted by advocacy organization Economic Innovation Group, industry leaders emphasized the need for immediate fiscal help.

The deal would have had NHT Operating Partnership acquire all of the outstanding equity interests of Condor via a merger valued at $318 million.