HEI Hotels & Resorts is warning guests who stayed at some of its properties that they might have had their payment card data stolen while making purchases at onsite restaurants, gift shops and spas.
The security breach affected 20 properties, including some Marriott, Starwood, Sheraton and Westin hotels, at various times between March 1, 2015 and June 21, 2016 according to the hotel chain. First reported to the chain by its card processor, the incident has now been contained, according to the company.
During the breach, malware on point-of-sale (PoS) terminals might have affected the payment card data of some customers, including card numbers, expiration dates and verification codes. The company is recommending that people who stayed at the affected properties closely review their credit and debit card statements for unusual activity, and immediately report any suspicious charges to their card issuers.
Forensic Investigator Called In
“HEI was recently alerted to a potential security incident by its card processor,” the company said in an online notice. “Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on our payment processing systems at certain properties designed to capture payment card information as it was routed through these systems.”
When it learned of the breach, HEI said it promptly notified law enforcement and hired an independent forensic expert to investigate the incident. The company also switched to a standalone payment processing system to separate PoS transactions from the rest of its network.
“Based on an independent forensic investigation, we believe that individuals were able to gain unauthorized access to certain HEI computers and may have been able to access some payment card data as it was being entered into our systems,” the company said.
HEI apologized to customers for any concerns or frustrations caused by this incident. “We have also…