Now more serious security flaw has surfaced at Hilton affiliated properties in the United States where many point of sale terminals may have been infected with malware and credit card information used to pay at gift shops and restaurants hacked.
You can access KrebsOnSecurity here that first reported this and below is an excerpt:
In August, Visa sent confidential alerts to numerous financial institutions warning of a breach at a brick-and-mortar entity that is known to have extended from April 21, 2015 to July 27, 2015. The alerts to each bank included card numbers that were suspected of being compromised, but per Visa policy those notifications did not name the breached entity.
However, sources at five different banks say they have now determined that the common point-of-purchase for cards included in that alert had only one commonality: They were all were used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts.
In a written statement, a Hilton spokesperson said the company is investigating the breach claims.
Nothing is going to happen before banks start going after merchants that have inadequate security systems in place that allow these breaches happen time after time. I had two of my credit cards cloned in Brazil earlier this year and several times previously.
Obviously it is difficult for individual customer pinpoint where the breach took place, but it is easy for these financial institutions cross reference where transactions have taken placer earlier for the compromised cards. They really should make the merchants pay for this mess.