Hilton investigates data hack in hotel shops

Data security is top of mind these days, and it can happen to anyone. Case in point, Hilton Worldwide Holdings said it is investigating claims its U.S. shops and gift stores may be the site of the industry's latest credit-card hack, with cards attacked between April 21 and July 2015.

The BBC reported that the breach is not linked to guest reservation systems. Instead, a large number of compromised cards listed in an alert by Visa have shown activity in Hilton properties, though Visa has not named Hilton in the confidential alert sent to various financial organizations. Hilton brands named in the hack included: Embassy Suites, Doubletree, Hampton Inn and Suites and Waldorf Astoria Hotels & Resorts.

"… sources say the fraud seems to stem from compromised point-of-sale devices inside of franchised restaurants, coffee bars and gift shops within Hilton properties," security expert Brian Krebs wrote on his site, KrebsOnSecurity. "It remains unclear how many Hilton properties may be affected by this apparent breach."

Virtual Roundtable

Post COVID-19: The New Guest Experience

Join Hotel Management’s Elaine Simon for our latest roundtable—Post COVID-19: The New Guest Experience. The experts on the panel will share how to inspire guest confidence that hotels are safe and clean and how to win back guest business.

Sources told KrebsOnSecurity that the breach may date back to November 2014, and may be ongoing. 

“Hilton Worldwide is strongly committed to protecting our customers’ credit card information," Hilton Worldwide said in a statement to Reuters. “We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter."

Hilton is only the latest in a string of cyber theft cases that are targeting the industry. Last month the 3rd U.S. Circuit Court of Appeals upheld an April 2014 lower court ruling that Wyndham Worldwide was accountable for three security breaches in 2008 and 2009, where hackers stole credit card and other information from more than 619,000 consumers.

Suggested Articles

The REIT said that it does not expect to see a meaningful increase in demand for its portfolio until there are COVID-19 medical solutions in place.

Choice Hotels International hailed its strong domestic drive-to and leisure markets as it reported growth in occupancy and conversions.

The platform’s new dine-in features provide restaurant patrons safe and secure contactless tableside ordering and payments functionality.