Boutique hotel operator Kimpton, which is part of InterContinental Hotels Group, confirmed that an investigation found a malware attack on servers that processed payment cards used at some of its hotels. The company launched a probe after it was informed in July of “unauthorized charges occurring on payment cards after they had been used by guests at the restaurant in one of our hotels.”
Kimpton said that the malware installed was designed to track card number, cardholder name, expiration date and internal verification code. The incident involved cards used between Feb. 16 and July 7 at some of its properties, Kimpton said.
“Hotels, airlines and car-rental agencies need to stop kidding themselves, learn from other industries, and make cybersecurity a priority. Point-of-sale-based malware has driven most of the credit card breaches across so many industries already,” Shane Stevens, a director at VASCO Data Security, told Dark Reading. “As organizations address this point-of-sale issue, fraudsters are already looking at which attack vectors to hit in mobile. Their service providers shouldn’t create digital keys and other mobile conveniences until they can better protect their client companies and consumer customers across all channels.”
The company has published a list of the affected properties on its website.
This is the latest confirmed breach in a year full of acknowledged breaches: HEI Hotels and Resorts, Millennium Hotels & Resorts North America, the Hard Rock Hotel & Casino in Las Vegas (twice), Trump Hotels (twice), Golden Nugget hotels, Mandarin Oriental, Omni Hotels, Rosen Hotels & Resorts and White Lodging. Just last week Hutton Hotel confirmed a breach that lasted nearly four years.