Starwood hotel chain reports monthslong data breachReprints
Starwood Hotels & Resorts Worldwide Inc. said Friday the point of sale systems at 26 of its hotels in the United States and Canada were infected with malware, which permitted access to some of its customers' payment card data for various periods between November 2014 and June 2015.
Sergio Rivera, president, the Americas, at Stamford, Connecticut-based Starwood said in a letter to its customers that after discovering the issue, it engaged third-party forensic experts to conduct an extensive investigation, and learned the malware affected restaurants, gift shops and other point of sale systems at its properties. There is no indication its guest reservation or Starwood Preferred Hotel membership systems were impacted, said the letter.
Starwood's hotels include Sheraton, Westin and other higher end and luxury brands.
The letter said the malware was designed to collect payment card information including cardholder name, payment card number, and security code and expiration date. There is no evidence contact information, social security numbers of PINs were affected, said the letter.
The letter said the chain has arranged for identify protection and credit monitoring services and for a free credit report to be provided to customers who were potentially affected.
The letter said also the malware “no longer represents a threat” to its customers.
The chief operating officer of the Hard Rock Hotel & Casino in Las Vegas said in April that hackers had obtained credit and debit card information from customers over a seven-month period that ended April 2.