The recently acquired American hotel and leisure company, Starwood Hotels & Resorts Worldwide, Inc., has announced it has fallen victim to a security breach resulting in the loss of its customer’s financial data.
In a press release published Friday, November 20, Starwood claims that the point-of-sale systems at a limited number of its North American locations were infected with malicious malware, allowing unauthorized parties to access the payment card information of its customers.
According to Starwood, the particular malware which infected their POS systems was designed to collect payment card information including cardholder name, card number, security code and expiration date. There is currently no evidence that contact information, PIN numbers, or any other customer information have been compromised, but the investigation into this security breach is still in process.
Based on the information they have right now, the malware has been found in POS systems located in certain restaurants, gift shops, and other relevant Starwood properties. In total, 54 Starwood establishments have been affected by this malware, while the dates of infection range from November 2014 to October 2015.
The investigation into this breach is still underway and external help has been brought in to figure out how the malware was able to successfully infect the POS systems of 54 Starwood establishments and to remove the malware from the hotel chains POS systems.
This breach is something Target knows all too well, as once this type of malware is installed it has the ability to literally scrape the financial data from these systems and end up being used to create clones cards, empty victims bank accounts and conduct identity theft.
The hospitality industry is often times a perfect target for fraudsters. According to the Verizon 2014 Data Breach Investigations Report, restaurants, hotels & grocery stores are the most commonly affected industries suffering from POS intrusions.
Unfortunately for consumers, even though the PCI DSS Compliance Standards require an organization to implement solutions like system hardening and file integrity monitoring, few retailers operate these requirements sufficiently well. It’s vitally important that companies within the hospitality industry both large and small understand that implementing security solutions like File Integrity Monitoring and System Hardening are no longer optional, they are essential to securing your IT estate and valuable consumer payment credentials.
With NNT’s Change Tracker Gen7, your organization will come equipped with best in class security solutions like Non-stop File Integrity Monitoring, System Hardening & Vulnerability Management, Change & Configuration Management, and Breach Detection solutions to help protect your IT environment from any attack.
NNT’s real-time FIM solution records changes to any binary system or application files, as well as to any text-based configuration file, recording what changed and who made the change. Threat Intelligence feeds are leveraged to automatically confirm the legitimacy of any file changes detected, providing an incontestable confirmation of 'known good' status. All file attributes are tracked, including a unique, secure hash value to highlight Trojan and APT Malware.
Read the article on ZDNet here
Read the Starwood Hotels Press Release
See the List of Affected Starwood Establishments