Hilton Worldwide Hit with PoS Malware

Written by

Hilton Worldwide has confirmed that it is the latest victim of a point-of-sale (PoS) malware breach, affecting multiple hotel properties.

The company’s brief statement did not specify the number of worldwide properties or customers that could be affected by the unauthorized access to payment card data; and it didn’t mention the dates that the malware was active. So for now, travelers are in the dark.

Justin Basini, co-founder and CEO of ClearScore, told us that “Hilton Worldwide customers face a very real threat of fraud—people will be worried that their personal details may already have been sold to criminals looking to instigate phishing attacks. Customers need to be proactive in looking out for suspicious or unexpected activity, such as someone taking out a credit card or loan in their name.  Hilton Worldwide customers should check their credit reports to monitor for any unusual activity. Any unusual behavior should be reported to Action Fraud.”

Hilton did say that specific payment card information was targeted, including cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers (PINs).

“This news is unsettling, especially as millions of Americans are preparing to travel for the upcoming Thanksgiving holiday,” said Kevin Watson, CEO at Netsurion, in an email. “It’s a harsh reminder that no business is immune to cyber-criminals, and it’s especially important during the holiday season for merchants, retailers, hotels and hospitality businesses that process payment data to understand that they are lucrative targets.”

Watson added, "It’s essential to take the necessary steps to protect customer data and ensure that stronger security measures are in place for their networks, payment systems and on-premise Wi-Fi services. Making those areas a priority now will allow them to focus on the core business of providing customers with exceptional dining, lodging, event and travel experiences during the busy holiday travel period.”

The news comes shortly after the revelation that Starwood hotels in 54 locations were similarly victimized.

Photo © pbombaert/Shutterstock.com

What’s hot on Infosecurity Magazine?