Hilton Confirms Credit Card Breach In On-Property Stores And Restaurants

Two months ago, reports from banks indicated that there may have been a credit card breach from the payment systems in on-site stores, coffee shops, and restaurants in Hilton-owned hotels. Reservation and payment systems for hotel rooms were not affected. Hilton confirmed the breach late yesterday, warning customers who had used payment cards to check their statements.

Security researcher Brian Krebs noticed the announcement, which came out after business hours. The breach started last year, and Hilton says that their investigation indicates that cards taken were used between November 18 and December 5, 2014, and between April 21 and July 27, 2015. The card data taken included names, card numbers, security codes, and expiration dates, but not PINs from cards that had them, or other personal data about cardholders.

Hilton encourages people who may have shopped, dined, or picked up a coffee in shops inside their hotels to check their statements for suspicious activity, and to contact their bank if they find any. They are also offering the obligatory year of free credit monitoring that isn’t all that useful if someone has your credit card number.

What they did not do is specify which of their many brands were affected: Hilton-owned hotels range from the Waldorf-Astoria to your neighborhood Hampton Inn.

If this story sounds sort of familiar, it’s not because we’re in pre-holiday reruns: it’s because just last week Starwood Hotels announced a similar breach that may have affected points of sale in gift shops and restaurants in their hotels between November 2014 and October 2015.

Hilton Acknowledges Credit Card Breach [Krebs on Security]
Hilton Worldwide Has Identified and Taken Action to Eradicate Malware [Hilton]