According to the hotel operator, HEI Hotels & Resorts, hotels in 10 states and in the District of Columbia may have been targeted by hackers for months.
HEI manages close to 60 Hyatt, Sheraton, Marriot, and Westin hotel properties. They claim that malicious software was installed on the payment processing system at certain properties, in hopes to harvest the data routed through the systems.
Malicious malware was placed into at least 20 different locations POS Systems, collecting the names, card account numbers, expiration dates, and verifications of hotel patrons.
HEI claims that data collection could have started as early as March 2015 at some hotel locations where people purchased food or beverages.
Once the malware was identified, HEI transitioned payment card processing to a stand-alone system that’s separate from the rest of its network. They disabled the malware and are in the process of reconfiguring various components of its network and payment systems to make them more secure.
HEI spokesman, Chris Daly, says HEI is working with credit card processors to figure out the exact number of unique card holders impacted. “Due to guests paying in multiple outlets during a stay or even visiting multiple times, or visiting multiple locations managed by HEI, an exact number is difficult to calculate.”
But the hospitality industry is no new target for criminals. Back in January, hackers were able to infiltrate over 250 Hyatt Hotel locations in over 50 countries after infecting the hotel chains payment processors with malware between August 13 and December 8, 2015. And in April, Trump Hotels announced they’re investigating another possible breach at three of its North American locations.
Moving forward, it’s vitally important that organizations within the hospitality industry implement a powerful File Integrity Monitoring tool that can notify you of any potentially harmful malware found in your IT estate.
NNT’s Real-time, continuous File Integrity Monitoring (FIM), records changes to any binary system or application files, as well as to any text-based configuration file, recording what changed and who made the change. Threat Intelligence feeds are leveraged to automatically confirm the legitimacy of any file changes detected, providing an incontestable confirmation of 'known good' status. All file attributes are tracked, including a unique, secure hash value to highlight Trojan and APT Malware.