Hotel Industry Payment Systems Under Attack

By Cameron Abbott and Meg Aitken

Stayed at one of Hilton Worldwide Holdings’ (Hilton) hotels between 18 November – 5 December 2014 or 21 April – 27 July 2015? Check your bank statement.

Within the same week, both the Hilton and Starwood Hotels & Resorts Worldwide Inc. (Starwood) have discovered the point-of-sale terminals at a number of hotels across the globe have been infected with malware.

The malicious malware has enabled hackers to pinch the credit and debit card information of Starwood and Hilton customers, however there is apparently no evidence that personal contact information provided as part of the hotels’ guest-reservation system or loyalty rewards program was stolen.

While the attack on Starwood was confined to 54 of its hotels in North America, the Hilton attack affected the chain’s hotels globally, including Australian establishments. The number of cards compromised has not been revealed by either hotel.

Starwood and Hilton hotels are not the only luxury hotel chains to be affected by data hacks in 2015. The Mandarin Oriental and Trump International have also reported data security breaches involving intrusive malware this year. In the case of Starwood the hack occurred over eight months without detection showing how sophisticated some of these attacks are.

Starwood’s media release can be found here. Hilton’s media release can be accessed here.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.