Hilton advised customers who used a payment card at one of its hotels from April 21 to July 27 of this year, or between November 18 and December 5 of last year, to review their statements.
A third-party investigation found that the malware targeted specific payment card information which included cardholder names, payment card numbers, security codes and expiration dates, Hilton said.
Hilton Worldwide says it has identified and removed malware that targeted card payment systems at some of its hotels over a 17-week period from late 2014 to mid-2015.
The hotel chain did not provide details on the number of cards affected. In a statement released to customers today, Hilton Worldwide announced that the report was true, and that some of its point-of-sale systems were hacked.
The hotel chain said it has “taken action to eradicate unauthorized malware” and started an investigation.
Point-of-sale systems which rely only on a card’s magnetic stripe are often targeted by fraudsters, as the more advanced chip and PIN terminals utilise complex encryption and verification algorithms to protect the card number, and to verify whether the card presented is the original or a duplicate.
A couple of months ago it was reported that the Hilton hotel chain might have been the target of a hack.
The Hilton portfolio includes Hilton Hotels & Resorts, Waldorf Astoria Hotels & Resorts, Conrad Hotels & Resorts, Canopy by Hilton, Curio – A Collection by Hilton, DoubleTree by Hilton, Embassy Suites by Hilton, Hilton Garden Inn, Hampton by Hilton, Homewood Suites by Hilton, Home2 Suites by Hilton and Hilton Grand Vacations.