Stamford, Conn.-based Starwood Hotels & Resorts announced that malware breached the POS systems at some of its North American hotels allowing unauthorized access to customer credit card data. Starwood retail brands include Sheraton and Westin hotels, among others.

The malware collects certain payment card information, including cardholder name, payment card number, security code and expiration date.

“There is no evidence that other customer information, such as contact information or PINs, were affected by this issue,” according to a company announcement on its web site.

After discovering the issue, Starwood said it engaged third-party forensic experts to conduct an extensive investigation to determine the specifics. Based on the investigation, the malware potentially affected certain restaurants, gift shops and other POS systems at certain Starwood properties.

“There is no indication at this time that the company's guest reservation or Starwood Preferred Guest membership systems were impacted,” the company said.

According to Starwood, the affected hotels have taken steps to secure customer payment card information and the malware no longer presents a threat to customers using payment cards at Starwood hotels.

“We have been working closely with law enforcement authorities and have been coordinating our efforts with the payment card organizations. We want to assure our customers that we have implemented additional security measures to help prevent this type of crime from reoccurring,” Sergio Rivera, Starwood president, the Americas said.

Starwood encouraged customers to carefully review and monitor their payment card account statements for any possible information theft. Marriott International Inc. recently agreed to acquire Starwood for $12.2 billion in a deal that would create the world's largest hotel group.

“This news is unsettling, especially as millions of families are preparing to travel for the upcoming holiday season. It's also a reminder that no business is immune from cybercriminals, and especially during the busy upcoming shopping season, merchants, retailers, hotel and hospitality businesses that process payment data are especially lucrative targets,” security expert Kevin Watson, CEO for Houston-based Netsurion, providers of remotely-managed security solutions for businesses, said. “Therefore, it's essential to take the necessary steps to protect customer data and ensure that stronger security measures are in place for their network, payment systems and on-premise wi-fi services. Making those areas a priority now will allow them to focus on the core business of providing customers with exceptional dining, lodging, event and travel experiences during the busy holiday travel season.”

In a separate but related announcement, the number of breaches captured on the 2015 ITRC Breach Report totaled 669, including 181,750,351 records exposed, as of Nov. 18. That represented a dip (4.3%) from last year's record pace for the same time period (699). The five industry sectors broke down as follows: Business = 38.6%; Medical/Healthcare = 36.0%; Banking/Credit/Financial = 9.1%; Educational = 7.8%; and Government/Military = 8.5%.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).