Oh No! Here we go again! It’s disturbing that reports such as this have become so commonplace.
KrebsOnSecurity is reporting that there is a pattern of possible credit card fraud suggesting that “hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel . . . properties across the United States.”
The KrebsOnSecurity article, entitled Banks: Card Breach at Hilton Hotel Properties states, in relevant part:
Multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States. Hilton says it is investigating the claims.
In August, Visa sent confidential alerts to numerous financial institutions warning of a breach at a brick-and-mortar entity that is known to have extended from April 21, 2015 to July 27, 2015. The alerts to each bank included card numbers that were suspected of being compromised, but per Visa policy those notifications did not name the breached entity.
However, sources at five different banks say they have now determined that the common point-of-purchase for cards included in that alert had only one commonality: They were all were used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts.
In a written statement, a Hilton spokesperson said the company is investigating the breach claims.
“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” the company said. “We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”
KrebsOnSecurity further stated that “the breach does not appear to be related to the guest reservation systems at the affected locations“, but rather “the the fraud seems to stem from compromised point-of-sale devices inside of franchised restaurants, coffee bars and gift shops within Hilton properties.” At this point, the number of Hilton properties affected is unclear, but there KrebsOnSecurity reports it may date back to late 2014.