Hilton Hotels and Resorts is reportedly looking into claims that some of its point-of-sale devices were compromised, some potentially as far back as November 2014.
Security blogger Brian Krebs notes that Visa sent alerts to financial institutions warning of a breach from April 21 to July 27, but per its policy, didn’t name the location.
It’s believed that POS devices in some of the hotel chain’s restaurants, coffee bars and gift shops are the culprit, Krebs claims, adding that some of his sources claim it could date back to 2014.
Krebs says that sources at five different banks maintain that the cards were used at Hilton affiliate hotels such as Embassy Suites, Doubletree, Hampton Inn and Suites, and the Waldorf Astoria Hotels & Resorts.
Insisting that credit card fraud is “all too common” these days, Hilton Worldwide released a statement late last week that it was looking into the claims.
“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” the company said. “We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”
If it's ultimately determined that Hilton didn’t adequately secure its systems, a recent ruling claims that the Federal Trade Commission would have the right to punish the chain for its practices. The ruling stems from a United States Court of Appeals decision last month that denied a motion by the Wyndham Worldwide hotel chain to dismiss a lawsuit brought by the FTC after the chain was hit by a data breach in 2008.
In the lawsuit, lodged in 2012, the FTC accused Wyndham of running computer systems that unreasonably and unnecessarily exposed consumer data to the risk of theft. Yet it was the hotel’s weak information security policies and practices that directly led to the breaches and the $10.6 million in fraudulent charges that plagued victims’ credit cards.