Hilton investigates data hack in hotel shops

Data security is top of mind these days, and it can happen to anyone. Case in point, Hilton Worldwide Holdings said it is investigating claims its U.S. shops and gift stores may be the site of the industry's latest credit-card hack, with cards attacked between April 21 and July 2015.

The BBC reported that the breach is not linked to guest reservation systems. Instead, a large number of compromised cards listed in an alert by Visa have shown activity in Hilton properties, though Visa has not named Hilton in the confidential alert sent to various financial organizations. Hilton brands named in the hack included: Embassy Suites, Doubletree, Hampton Inn and Suites and Waldorf Astoria Hotels & Resorts.

"… sources say the fraud seems to stem from compromised point-of-sale devices inside of franchised restaurants, coffee bars and gift shops within Hilton properties," security expert Brian Krebs wrote on his site, KrebsOnSecurity. "It remains unclear how many Hilton properties may be affected by this apparent breach."

Virtual Event

Hotel Optimization Part 3 | January 27, 2021

With 2020 behind us and widespread vaccine distribution on the horizon, the second half of the new year is looking up, but for Q1 (and most likely well into Q2) we’re very much still in the thick of what has undeniably been the lowest point of the pandemic. What can you be doing now to power through and set yourself up for a prosperous 2021 and beyond? Join us at Part 3 of Hotel Optimization – A Virtual Event on January 27 from 10am – 1:05pm ET for expert panels focused on getting you back to profitability.

Sources told KrebsOnSecurity that the breach may date back to November 2014, and may be ongoing. 

“Hilton Worldwide is strongly committed to protecting our customers’ credit card information," Hilton Worldwide said in a statement to Reuters. “We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter."

Hilton is only the latest in a string of cyber theft cases that are targeting the industry. Last month the 3rd U.S. Circuit Court of Appeals upheld an April 2014 lower court ruling that Wyndham Worldwide was accountable for three security breaches in 2008 and 2009, where hackers stole credit card and other information from more than 619,000 consumers.