Kimpton Hotels confirms data breach

Kimpton confirmed an investigation had found a malware attack on servers.

Boutique hotel operator Kimpton, which is part of InterContinental Hotels Group, confirmed that an investigation found a malware attack on servers that processed payment cards used at some of its hotels. The company launched a probe after it was informed in July of “unauthorized charges occurring on payment cards after they had been used by guests at the restaurant in one of our hotels.”

Kimpton said that the malware installed was designed to track card number, cardholder name, expiration date and internal verification code. The incident involved cards used between Feb. 16 and July 7 at some of its properties, Kimpton said.

“Hotels, airlines and car-rental agencies need to stop kidding themselves, learn from other industries, and make cybersecurity a priority. Point-of-sale-based malware has driven most of the credit card breaches across so many industries already,” Shane Stevens, a director at VASCO Data Security, told Dark Reading. “As organizations address this point-of-sale issue, fraudsters are already looking at which attack vectors to hit in mobile. Their service providers shouldn’t create digital keys and other mobile conveniences until they can better protect their client companies and consumer customers across all channels.”

FREE HOTEL MANAGEMENT NEWSLETTER

Like this story? Subscribe to Technology!

Hospitality professionals turn to Technology as their go-to news source for the latest technology products and trends. Sign up today to get news and updates on security systems, in-room entertainment, and more delivered to your inbox and read on the go.

The company has published a list of the affected properties on its website.

This is the latest confirmed breach in a year full of acknowledged breaches: HEI Hotels and Resorts, Millennium Hotels & Resorts North America, the Hard Rock Hotel & Casino in Las Vegas (twice), Trump Hotels (twice), Golden Nugget hotels, Mandarin Oriental, Omni Hotels, Rosen Hotels & Resorts and White Lodging. Just last week Hutton Hotel confirmed a breach that lasted nearly four years.

Suggested Articles

The SureStay Plus by Best Western AC Luxe Angeles City is the company's seventh hotel in the country and second in Angeles City.

The direct hospitality lender sold its stake in the 182-suite Panama City Beach hotel to Wesley and Donna Spruill.

The Quay Perth hotel is an 80-room boutique property on the site of the former New Esplanade hotel in Western Australia's capital.