The recently acquired American hotel and leisure company, Starwood Hotels & Resorts Worldwide, Inc., has announced it has fallen victim to a security breach resulting in the loss of its customer’s financial data.

In a press release published Friday November 20, Starwood claims that the point-of-sale systems at a limited number of its North American locations were infected with malicious malware, allowing unauthorized parties to access the payment card information of its customers.

According to Starwood, the particular malware which infected their POS systems was designed to collect payment card information including cardholder name, card number, security code and expiration date. There is currently no evidence that contact information, PIN numbers, or any other customer information has been compromised, but the investigation into this security breach is still in process.

Based on the information they have right now, the malware has been found in POS systems located in certain restaurants, gift shops and other relevant Starwood properties. In total, 54 Starwood establishments have been affected by this malware, while the dates of infection range from November 2014 to October 2015.

Investigation into this breach is still underway and external help has been brought in to figure out how the malware was able to successfully infect the POS systems of 54 Starwood establishments and to remove the malware from the hotel chains POS systems.

This breach is something Target knows all too well, as once this type of malware is installed it has the ability to literally scrape the financial data from these systems and end up being used to create clones cards, empty victims bank accounts and conduct identity theft.

The hospitality industry is often times a perfect target for fraudsters. According to the Verizon 2014 Data Breach Investigations Report, restaurants, hotels & grocery stores are the most commonly affected industries suffering from POS intrusions.

Unfortunately for consumers, even though the PCI DSS Compliance Standards require an organization to implement solutions like system hardening and file integrity monitoring, few retailers operate these requirements sufficiently well. It’s vitally important that companies within the hospitality industry both large and small understand that implementing security solutions like File Integrity Monitoring and System Hardening are no longer optional, they are essential to securing your IT estate and valuable consumer payment credentials.

With NNT’s Change Tracker Gen7, your organization will come equipped with best in class security solutions like Non-stop File Integrity Monitoring, Continuous Compliance, System Hardening & Vulnerability Management, Change & Configuration Management, and Breach Detection solutions to help protect your IT environment from any attack.

NNT’s Real-time, continuous File Integrity Monitoring (FIM), records changes to any binary system or application files, as well as to any text-based configuration file, recording what changed and who made the change. Threat Intelligence feeds are leveraged to automatically confirm the legitimacy of any file changes detected, providing an incontestable confirmation of 'known good' status. All file attributes are tracked, including a unique, secure hash value to highlight Trojan and APT Malware.

To learn more about NNT’s Change Tracker Gen7, click here to watch the pre-recorded demo overview: 




Read the article on ZDNet here

Read the Starwood Hotels Press Release

See the List of Affected Starwood Establishments




USA Offices
New Net Technologies Ltd
9128 Strada Place
Naples, Florida, 34108
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
NNT Logo
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
St Albans


Tel: 08456 585 005
Fax: 08456 122 031
Connect with NNT
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
Sign up to NNT's IT security and compliance monthly newsletter. Get breaking security news, how-to tips, trends and commentary direct to your inbox.