I’m sorry to be the bearer of bad news, but if you went to any of the hotels listed below, I’m sure you’d want to know about this.
HEI, a hotel management-owner/operator company, has reported a breach in their point-of-sale registers at various hotel restaurants, gift shops or spas (Note: HEI states that the breach did not reach hotel front desk payments, though I’d be cautious as to those as well). This is the PRESS RELEASE.
Below is the list of properties affected, together with the pertinent dates:
As to what happened, HEI states:
Based on an independent forensic investigation, we believe that individuals were able to gain unauthorized access to certain HEI computers and may have been able to access some payment card data as it was being entered into our systems.
After learning of the incident, we took prompt steps to address and contain it, including transitioning payment card processing to a stand-alone system that is completely separated from the rest of our network and disabling the malware and have reconfigured our point-of-sale and payment card processing systems to enhance the security of these systems and to help prevent this type of incident from happening again in the future. We have also been in contact with law enforcement and will continue to cooperate with their ongoing investigation.
If you made purchases at the affected terminals:
We believe that the incident may have affected customers that made a payment card purchase at point-of-sale terminals at certain HEI properties during the dates identified in the table above.
For customers that made purchases using credit or debit cards during this time, information including name, card account number, card expiration date, and card verification code could have been affected.
HEI states that no sensitive information, such as Social Security Information, could have been stolen. Nevertheless, if you made purchases at any of the affected properties during the dates listed above, HEI recommends that you contact the financial institution that issued your credit or debit card for further instructions.
I checked the list and I was not at any of the listed hotels. Were you? How did you learn of the breach?