Starwood Hotels hit by credit-card stealing malware

Starwood Hotels & Resorts is the latest hotel group to report that payment systems at a number of its properties have been compromised by point-of-sale malware.

The company, which was last week acquired by Marriott International, said the malware which enables unauthorised parties to access customer’s payment card data was found across 50 of the group’s North American hotels.

It is not believed that any of the company’s UK brands have been affected.

Starwood said it has engaged third-party forensic experts to conduct an ‘extensive’ investigation to determine the security breach which has affected, restaurants, gift shops, and other point-of-sale systems at some of the properties.

The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date, but there is no evidence that other customer information, such as contact information or PINs, were affected by the breach.

Starwood said the affected hotels have taken steps to secure customer payment card information and the malware no longer presents a threat to customers using payment cards at the group’s hotels.

Sergio Rivera, Starwood president in the Americas, said: “Protecting our customers’ information is critically important to Starwood and we take this issue extremely seriously. Quickly after we became aware of the possible issue, we took prompt action to determine the facts.

“We have been working closely with law enforcement authorities and have been coordinating our efforts with the payment card organisations. We want to assure our customers that we have implemented additional security measures to help prevent this type of crime from reoccurring.”

Starwood has encouraged its customers to carefully review and monitor their payment card account statements, adding they should immediately contact their bank of they believe they have been affected.