NPC Security Alerts
Customers of Hilton Worldwide Hotels May Have Had Their Payment Information Compromised

November 26th, 2015



What's the issue?

Hilton Worldwide, the leader in global hospitality, has issued a statement advising they have "identified and eradicated unauthorized malware that targeted payment card information in some point-of-sales systems". The hotel franchise has since launched an investigation into the breach, and determined that the payment card information in question "may have included cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers (PINs)." It is still unclear which particular hotel(s) have been affected by the malware, however Hilton Worldwide has over 4500 properties that include Hilton Hotels & Resorts, Waldorf Astoria Hotels & Resorts, Conrad Hotels & Resorts, Curio - A Collection by Hilton, DoubleTree by Hilton, Embassy Suites by Hilton, Hilton Garden Inn, Hampton by Hilton, Homewood Suites by Hilton, Home2 Suites by Hilton and Hilton Grand Vacations.


How did it happen?

According to security expert Brian Krebs, Visa identified patterns of credit card fraud that were all linked to the Hilton properties. The security breach does not appear to be related to the guest reservations systems at the hotels, but rather from "compromised point-of-sale registers in gift shops and restaurants" in the hotels. With the help of a third-party forensics expert, Hilton Worldwide has found evidence of malware that "may have been present on some point-of-sale systems over a seventeen-week period, from November 18 to December 5, 2014 or April 21 to July 27, 2015."


What should I do?

At this time Hilton Worldwide has not yet released how many people may be affected by this breach, but recommends for guests who have stayed at their hotels during the affected periods to monitor their account statements for any irregular transactions. Hilton Worldwide is also offering complimentary one-year credit monitoring through All-Clear for those who have used a payment card transaction at a Hilton Worldwide property during that period. To sign up for the credit monitoring click here.


For more information

If you have any questions or concerns, do not hesitate to call the support centre at 1-855-667-2642 or email support@npcmail.net.


Sources

Hilton Worldwide Guest Update - Hilton Worldwide Global Media Center

Frequently Asked Questions - Hilton Worldwide Global Media Center

Banks: Card Breach at Hilton Hotel Properties - Krebs on Security


NPC Security Alerts

Receive our NPC Security Alerts email to stay on top of the most important security threats to your devices, data, and your privacy. We do not use this list for any other purpose.

Sign up now