Kimpton Hotels confirms data breach

Kimpton confirmed an investigation had found a malware attack on servers.

Boutique hotel operator Kimpton, which is part of InterContinental Hotels Group, confirmed that an investigation found a malware attack on servers that processed payment cards used at some of its hotels. The company launched a probe after it was informed in July of “unauthorized charges occurring on payment cards after they had been used by guests at the restaurant in one of our hotels.”

Kimpton said that the malware installed was designed to track card number, cardholder name, expiration date and internal verification code. The incident involved cards used between Feb. 16 and July 7 at some of its properties, Kimpton said.

“Hotels, airlines and car-rental agencies need to stop kidding themselves, learn from other industries, and make cybersecurity a priority. Point-of-sale-based malware has driven most of the credit card breaches across so many industries already,” Shane Stevens, a director at VASCO Data Security, told Dark Reading. “As organizations address this point-of-sale issue, fraudsters are already looking at which attack vectors to hit in mobile. Their service providers shouldn’t create digital keys and other mobile conveniences until they can better protect their client companies and consumer customers across all channels.”

FREE DAILY NEWSLETTER

Like this story? Subscribe to Operations & Technology!

Hospitality professionals turn to Operations & Technology as their go-to source for breaking news on guestrooms, food & beverage, hospitality and technology trends, management and more. Sign up today to get news and updates delivered to your inbox daily and read on the go.

The company has published a list of the affected properties on its website.

This is the latest confirmed breach in a year full of acknowledged breaches: HEI Hotels and Resorts, Millennium Hotels & Resorts North America, the Hard Rock Hotel & Casino in Las Vegas (twice), Trump Hotels (twice), Golden Nugget hotels, Mandarin Oriental, Omni Hotels, Rosen Hotels & Resorts and White Lodging. Just last week Hutton Hotel confirmed a breach that lasted nearly four years.

Suggested Articles

The S.C.-based restaurant group picked hospitality veteran Larry Spelts to lead its new hotel management and consulting division.

The East Palo Alto, Calif., property features the intelligent gym and personal trainer in select guestrooms.

Infor cloud solutions now connect siloed applications and reduce manual processes for the California resort.