November 25, 2015 by

Hilton Hotels Confirms Payment Details Theft

Merely days after Starwood Hotels revealed that it had been compromised by a malware affecting it payment systems to steal card information, the Hilton Hotel group has now confirmed that it too has been the target of a malware looking to siphon payment card information.

The revelation of a credit card breach affecting Hilton Hotel properties was originally made by independent security research blog KrebsOnSecurity and was reported on by Lifars. Now, Hilton WorldWide has confirmed the breach and revealed that it has lasted over a 17-week period between November 18, 2014 to December 5, 2014 as well as April 21, 2015 to July 27, 2015.

According to a press release, Hilton hotels noted that stolen data includes:

  • Cardholder names
  • Payment card numbers
  • Security codes
  • Expiration dates

However, no personal addresses or card personal identification numbers (PINs) are believed to be stolen.

An excerpt from the press release read:

Hilton Worldwide has identified and taken action to eradicate unauthorized malware that targeted payment card information in some point-of-sale systems.

The Hotel group added that it is working closely with data forensics experts and law enforcement along with payment card companies in the investigation.

The point-of-sale systems include gift shops, restaurants and other shopping locations within multiple Hilton properties. The hotel chain did not reveal the number of card details that were stolen nor the locations of the targeted properties.

The hotel chain reminds customers that they are generally not liable for fraudulent transactions and unauthorized purchases made. Those who may have frequented Hilton hotel properties within the specified dates are encouraged to check their statements for any irregular activity.

Related articleOver 50 Starwood Hotels Struck by Credit Card Malware

Hilton joins the likes of Starwood and the Trump Hotel Collection in being the targets of the comprehensive payment systems breach. Noting the pattern of the cyberattacks focusing on hotel chains, Ryan Wilk, director at NuData Security, a fraud prevention firm noted:

While we can’t know for sure what [the] hackers’ long-term plans are, it does seem credible that they are targeting specific industries that likely have the same exploits in order to maximize their efforts before moving on to the next industry.

Stolen payment card details are commonly sold in dark markets around the world, particularly in Europe and Asia.

Hilton hotels has also offered a year’s worth of free credit monitoring for affected customers.

 

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Fake SWIFT Service Emails Delivers Adwind Remote Access Trojan

An email phishing campaign has attempted to infect unsuspecting victims with the Adwind...

Read more arrow_forward

Tesla’s Cloud Account Hacked to Mine Cryptocurrency

Tesla’s cloud environment has been exploited by hackers who used the computational power to mine...

Read more arrow_forward

Snapchat Phishing Attack Swipes Credentials of Over 50,000 USers

Details have emerged on a phishing attack which saw hackers steal the credentials of over 50,000...

Read more arrow_forward