Data security is top of mind these days, and it can happen to anyone. Case in point, Hilton Worldwide Holdings said it is investigating claims its U.S. shops and gift stores may be the site of the industry's latest credit-card hack, with cards attacked between April 21 and July 2015.
The BBC reported that the breach is not linked to guest reservation systems. Instead, a large number of compromised cards listed in an alert by Visa have shown activity in Hilton properties, though Visa has not named Hilton in the confidential alert sent to various financial organizations. Hilton brands named in the hack included: Embassy Suites, Doubletree, Hampton Inn and Suites and Waldorf Astoria Hotels & Resorts.
"… sources say the fraud seems to stem from compromised point-of-sale devices inside of franchised restaurants, coffee bars and gift shops within Hilton properties," security expert Brian Krebs wrote on his site, KrebsOnSecurity. "It remains unclear how many Hilton properties may be affected by this apparent breach."
Sources told KrebsOnSecurity that the breach may date back to November 2014, and may be ongoing.
“Hilton Worldwide is strongly committed to protecting our customers’ credit card information," Hilton Worldwide said in a statement to Reuters. “We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter."
Hilton is only the latest in a string of cyber theft cases that are targeting the industry. Last month the 3rd U.S. Circuit Court of Appeals upheld an April 2014 lower court ruling that Wyndham Worldwide was accountable for three security breaches in 2008 and 2009, where hackers stole credit card and other information from more than 619,000 consumers.