Intuit POS Zika virus
Major U.S. Hotels Hit by Point-of-Sale System Breach
HEI Hotels & Resorts is warning guests who stayed at some of its properties that they might have had their payment card data stolen while making purchases at onsite restaurants, gift shops and spas. The security breach affected 20 properties, including some Marriott, Starwood, Sheraton and Westin hotels, at various times between March 1, 2015 and June 21, 2016 according to the hotel chain. First reported to the chain by its card processor, the incident has now been contained, according to the company.
During the breach, malware on point-of-sale (PoS) terminals might have affected the payment card data of some customers, including card numbers, expiration dates and verification codes. The company is recommending that people who stayed at the affected properties closely review their credit and debit card statements for unusual activity, and immediately report any suspicious charges to their card issuers.
Forensic Investigator Called In
"HEI was recently alerted to a potential security incident by its card processor, " the company said in an online notice. "Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on our payment processing systems at certain properties designed to capture payment card information as it was routed through these systems."
When it learned of the breach, HEI said it promptly notified law enforcement and hired an independent forensic expert to investigate the incident. The company also switched to a standalone payment processing system to separate PoS transactions from the rest of its network.
"Based on an independent forensic investigation, we believe that individuals were able to gain unauthorized access to certain HEI computers and may have been able to access some payment card data as it was being entered into our systems, " the company said.
HEI apologized to customers for any concerns or frustrations caused by this incident. "We have also been in contact with law enforcement and will continue to cooperate with their ongoing investigation, " HEI said.
Since being alerted to the breach, the company said it has been able to remove the malware from its system. HEI added that it is also working to strengthen data security by reconfiguring parts of its network and payment systems, and that its PoS sites are now safe for payment card transactions.