It seems that hackers have now set their sights on the tourism industry. After several attacks at Hyatt Hotels Corp. and Starwood Hotels & Resorts Worldwide Inc. in the past months, it was recently revealed that 20 more US hotels have been hit by a malware attack.
HEI Hotels & Resorts announced late last week that 20 of the properties it operates in the US have suffered data breaches. The hotels belong to the Starwood, Marriott, Hyatt and Intercontinental brands. According to HEI, the attack may have divulged payment card data from tens of thousands of food, drink and other transactions.
The Norwalk, Connecticut-based privately held company found the malware in its systems in early to mid-June. Chris Daly, a spokesman for HEI, told Reuters that the attacks didn’t only affect the hotels. They also hit other facilities at the properties, including restaurants, bars, spas or lobby shops.
HEI was so far unable to estimate how many customers fell victim to the attacks, because most of them used their cards multiple times. The numbers of transactions that occurred during the affected period are in the tens and maybe even hundreds of thousands.
The malware attack was active from March 1, 2015 to June 21, 2016, according to HEI. It affected 12 Starwood hotels, six Marriott International properties, one Hyatt hotel and one InterContinental Hotels Group hotel. Fourteen of these hotels were hit after December 2, 2015.
HEI brought outside experts to investigate the security breach. The hackers might have stolen customer names, account numbers, payment card expiration dates and verification codes. But HEI does not store PIN code information. So, for the moment, these seem to be safe. The company has informed federal authorities and has now installed a new payment processing system. It is also providing its customers with the following information and resources:
- A detailed Notice Letter that explains what happened, describes the actions the company has taken, and provides information and resources to anyone who may have been affected.
- A Frequently Asked Questions document, delivering additional information that HEI customers may want or need.
- A List of Affected Properties, segmented by state and providing street addresses.
- Access to a Toll-Free Call Center, with operators standing by to address customer questions and concerns about this incident. You can reach this call center by dialing 888-849-1113 between 9:00 a.m. and 9:00 p.m. Eastern time, Monday through Friday.
“We take this matter and the security of personal information very seriously and we will continue to review and enhance our security measures to further secure our systems,” HEI said on its website, also apologizing to its clients for the problems the incident may have caused.
The 20 hotels affected by the malware attack
If you want to learn more about how hackers steal your credit card data and what you can do to avoid it, check out the following article.