In late September, a report surfaced claiming that some Hilton properties had been hit with a data breach, leaving customers’ payment cards vulnerable. Hilton had responded with the promise of an investigation, saying it took the matter “very seriously.” In a statement released to customers today, Hilton Worldwide announced that the report was true, and that some of its point-of-sale systems were hacked.
The company says it worked with third-party forensics experts, card companies, and law enforcement during its investigation. The company found that some point—of-sale systems in some of its hotels were infected with malware, which has since been “eradicated.”
The malware potentially affected customers who stayed at a Hilton Worldwide hotel between November 18 and December 5, 2014, and April 21 to July 27, 2015. Applicable customers are encouraged to check their card statements for any unauthorized transactions.
Says the company, the malware targeted cardholder names and card numbers, security codes, and expiration dates. Neither PINs nor billing addresses were compromised, however. The company is offering a year of free credit monitoring for affected customers who wish to use the service.
This announcement comes a single day after Starwood Hotels announced that it discovered a very similar data breach at some of its own hotels. How many Hilton properties were affected is unclear.