Hutton Hotel POS systems compromised with malware for four years

Nashville-based Hutton Hotel revealed a serious security breach that affected all customers who used their credit or debit cards at the hotel since September 2012. Hutton Hotel said hotel's payment processor discovered the breach and notified hotel officials.

Following an initial assertion of the security breach, Hutton Hotel has learned that point-of-sale systems used at its check-in counter and onsite food-and-beverage outlets had been infected with malware. All guests who used their payment card to pay for reservations and rooms between Sept. 19, 2012, and April 16, 2015, might have had their payment card data stolen.

Additionally, the malware was also present in the POS system used at the onsite food-and-beverage outlets from Sept. 19, 2012, to Jan. 15, 2015, and then from Aug. 12, 2015, to June 10, 2016.

In past payment card breaches, you generally see a POS malware infection going undetected for one or two years, reports Softpedia. At Hutton Hotel, the POS malware infiltration managed to stay hidden for a whopping four years.

Hutton Hotel says it has put in place new security measures and is now using "standalone payment processing devices" although it didn't explain how that helps. Law enforcement has been notified, and the hotel is working with payment card companies to identify those affected, reports BankInfoSecurity.

"For those guests that we can identify as having used their payment card during the at-risk window and for whom we have a mailing or email address, we will be mailing a letter or sending an email to them," it said.