
Credit card-stealing malware hits 54 Starwood hotels

Hackers have managed to steal the credit and debit card details of customers who made purchases at 54 North American Starwood-run hotels, after infecting point of sale systems with malware.

In a statement, the company warned that payment card information – including cardholder names, payment card numbers, security codes and expiration dates – was taken from customers who made purchases at restaurants, gift shops and other point of sale systems at affected Starwood locations.

Affected hotels include ones operating under the Sheraton, Westin and W brand names.

At the time of writing, Starwood Hotels & Resorts says it has not found any evidence that the company’s guest reservation or Starwood Preferred Guest membership systems were compromised by the hackers, but it would obviously not do any harm to be cautious.

So, if you have ever used your credit card at a Starwood hotel, shop or restaurant, you would be wise to keep an eye on your statements for any unexpected transactions. If you believe your account may be at risk, contact your bank or card issuer immediately.

Starwood has produced a list of affected locations, and specific dates during which it believes each site was compromised – some dating back as far as May 2014.


Starwood says it has brought in third-party digital forensic experts to investigate the intrusion, and has taken steps to better secure customers’ payment card information.

Starwood is the latest in a line of hotels and resorts that have recently found their systems compromised by malware – other victims have included Hard Rock’s Las Vegas Hotel & Casino, the Las Vegas Sands casino, Trump Hotels, and FireKeepers Casino and Hotel.

This week it was announced that Marriott International was buying Starwood Hotels to form the biggest hotel chain in the world.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
