The recently acquired American hotel and leisure company, Starwood Hotels & Resorts Worldwide, Inc., has announced it has fallen victim to a security breach resulting in the loss of its customer’s financial data.

In a press release published Friday, November 20, Starwood claims that the point-of-sale systems at a limited number of its North American locations were infected with malicious malware, allowing unauthorized parties to access the payment card information of its customers.

According to Starwood, the particular malware which infected their POS systems was designed to collect payment card information including cardholder name, card number, security code and expiration date. There is currently no evidence that contact information, PIN numbers, or any other customer information have been compromised, but the investigation into this security breach is still in process.

Based on the information they have right now, the malware has been found in POS systems located in certain restaurants, gift shops, and other relevant Starwood properties. In total, 54 Starwood establishments have been affected by this malware, while the dates of infection range from November 2014 to October 2015.

The investigation into this breach is still underway and external help has been brought in to figure out how the malware was able to successfully infect the POS systems of 54 Starwood establishments and to remove the malware from the hotel chains POS systems.

This breach is something Target knows all too well, as once this type of malware is installed it has the ability to literally scrape the financial data from these systems and end up being used to create clones cards, empty victims bank accounts and conduct identity theft.

The hospitality industry is often times a perfect target for fraudsters. According to the Verizon 2014 Data Breach Investigations Report, restaurants, hotels & grocery stores are the most commonly affected industries suffering from POS intrusions.

Unfortunately for consumers, even though the PCI DSS Compliance Standards require an organization to implement solutions like system hardening and file integrity monitoring, few retailers operate these requirements sufficiently well. It’s vitally important that companies within the hospitality industry both large and small understand that implementing security solutions like File Integrity Monitoring and System Hardening are no longer optional, they are essential to securing your IT estate and valuable consumer payment credentials.

With NNT’s Change Tracker Gen7, your organization will come equipped with best in class security solutions like Non-stop File Integrity Monitoring, System Hardening & Vulnerability Management, Change & Configuration Management, and Breach Detection solutions to help protect your IT environment from any attack.

NNT’s real-time FIM solution records changes to any binary system or application files, as well as to any text-based configuration file, recording what changed and who made the change. Threat Intelligence feeds are leveraged to automatically confirm the legitimacy of any file changes detected, providing an incontestable confirmation of 'known good' status. All file attributes are tracked, including a unique, secure hash value to highlight Trojan and APT Malware. 

 

Read the article on ZDNet here

Read the Starwood Hotels Press Release

See the List of Affected Starwood Establishments

 

 

 

 

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.