Hilton Worldwide payment systems hit by data breach

Hilton Worldwide has become the second hotel chain this week to announce that its point-of-sale systems have been hit by malware targeting credit card data.

The company said that it has “identified and taken action” to eradicate unauthorised malware that targeted payment card information in some point-of-sale systems across its portfolio. It is not clear if the security breach has affected any hotels in the UK.

It comes just days after a similar announcement from Starwood Hotels & Resorts, in which some 50 of the group’s North American hotels are believed to have been hit by malware allowing unauthorised parties to access customer’s payment card data.

Hilton said the malware found its way onto point-of-sale systems and enabled hackers to steal payment card information. This information includes cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers (PINs).

Hilton immediately launched an investigation, with the help of third-party forensics experts, law enforcement and payment card companies, and has since further strengthened its systems, according to a statement from the group.

As a precautionary measure, Hilton has advised customers to review and monitor their payment card statements if they used a payment card at a Hilton Worldwide hotel over a seventeen-week period, from 18 November to 5 December, 2014 and 21 April to 27 July, 2015.

In the statement, the company added: “Customers generally are not responsible for fraudulent activity on their payment cards, and should contact their financial institution directly if they notice any irregularities.”