In a letter from its president, Starwood Hotels in North America has announced that it suffered a data breach at many of its properties across the United States. The breaches started and stopped at different times, with some having happened last year and others as recently as this past summer. Starwood cites a malware intrusion affecting select point of sale systems as the cause of the data breach, allowing the hackers to access some customers’ credit and debit card details.
Starwood says it learned about the breach “recently”, and has initiated an investigation as a result, doing so with third-party forensic experts and law enforcement. The hotels affected by the malware, of which there are 54 properties, have “taken steps” to protect customer payment data, and have eliminated the malware threat.
This malware, in some cases, affected multiple point of sale systems at Starwood properties, including things like gift shops, restaurants, and similar things. However, Starwood says there’s no sign that its Preferred Guest or reservation systems were hit with the breach. It is known, however, what kind of data the malware targeted.
Among it was cardholder name and the card number, the expiration date, and the security code (all of which allows a card to be used online). Social security numbers, PINs, and contact details seemingly weren’t compromised, though. Customers who visited the affected properties during their respective breach periods are encouraged to monitor their credit reports and bank accounts. The company will also offer affected customers a year of free credit monitoring.
The full list of affected properties is available here [PDF].
SOURCE: Starwood Hotels