Starwood Hotels Victim of Payment System Data Breach
Just days after Marriott Hotels announced its acquisition of Starwood Hotels, Starwood has reported a potential credit card breach at some of its North American locations. The dates for the breach vary by location, but they range from November 2014 to October 2015.
Starwood Hotels released a full list of affected locations on its website, along with the dates of the breach for each location. Most of the hotels that were impacted by the hack were either Westin or Sheraton brands.
The data breach is the result of malware installed on the point of sale terminals at the 54 affected hotels. The malware is able to collect data from debit and credit cards from the terminals.
Starwood said it hired forensic experts to investigate the situation as soon as it learned of the breach. They determined the malware had affected restaurants, gift shops and other point of sale systems at Starwood properties. It did not appear as if the guest registration system or Starwood Preferred Guest membership system were breached. This is similar to attacks that happened earlier this year at Hilton and Trump Hotels.
The malware was designed to obtain payment card information, including the customer’s name, card number, security code and expiration date. Contact information and PINs did not seem affected. Starwood stated the system has been secured.
“Protecting our customers’ information is critically important to Starwood and we take this issue extremely seriously,” said Sergio Rivera, Starwood President, The Americas. “Quickly after we became aware of the possible issue, we took prompt action to determine the facts. We have been working closely with law enforcement authorities and have been coordinating our efforts with the payment card organizations. We want to assure our customers that we have implemented additional security measures to help prevent this type of crime from reoccurring.”
Starwood encourages customers to review their account statements and be on the lookout for fraudulent transactions. If they do believe their payment card was affected, they should contact their bank or card issuer immediately.