A series of malware infections at hotel chains has consumers worried – especially during the holiday season. Starwood Hotels & Resorts Worldwide publicly disclosed that malware has infected their point-of-sales systems. Starwood guests who used their payment cards at shops, restaurants, and coffee bars within the hotel are at risk of having their personal and financial information compromised. According to the hotel, guests who merely checked in and out at the front desk, and didn’t use their payment cards at any of the hotel restaurants or shops should not worry about having their information stolen.
The hotel chain says that the malware has affected 54 of its North American locations. Affected hotels include the W Hollywood in Los Angeles, the Westin New York Grand Central, and the Le Centre Sheraton in Montreal. The first of these breaches occurred at the Sheraton Walt Disney World Dolphin hotel in Orlando last year. The data breach that occurred at this hotel on November 5, 2014 exposed hotel guest information until April 13, 2015. On March 2nd, nearly 35 hotels were exposed, and these attacks lasted for about six weeks.
The malware was able to snag the personal and financial information of hotel guests. The stolen financial data includes credit and debit card numbers, expiration numbers. The hotel has not revealed exactly how many payment cards were compromised by this breach. The hackers were also able to see guest names. The hotel chain says that the malware was not able to pick up any PINs that the guests used to authorize payments on their cards. Starwood Hotels says that the guest reservation system and loyalty rewards program were not compromised by this breach. The hotel also believes that there is no indication that any other personal information was stolen.
Two other hotel breaches that occurred this year have consumers worried. Visa uncovered some suspicious activity on their customers’ accounts, and found that it was linked to Hilton. Hilton then discovered that their properties were infected with malware. The malware attack at the Hilton Hotel properties, which include the Embassy Suites, the Hampton Inn, and Doubletree, also affected customers who used payment cards at shops and restaurants within their hotel. The hackers were able to steal information from guests who stayed at a Hilton property from April 21st to June 27th. The Trump Hotel Collection also suffered a data breach, where hackers were able to get access to customer payment card account numbers, expiration dates, and security codes. The Trump Hotel Collection said that it removed the malware from its point-of-sale terminals. Affected hotels include the Trump International hotels in New York, Las Vegas, and Toronto.
Malware infections at point-of-sale systems are a common way for hackers to steal information about consumers. Consumers who are the victims of malware attacks have to worry about identity fraud, since hackers like to sell the personal information they steal. Guests will be concerned about hotel security when they travel. With a card scanner that can authenticate IDs from all 50 states, and passports from different countries, hotels can verify the identities of guests who are checking into a room. Hotels can give their customers an extra layer of security by using card scanning technology at the front desks.