Starwood made an announcement today that select POS (Point of Sale) systems in number of hotels in the United States and Canada had been infected with malware.
People that used their credit cards at coffee shops, restaurants and other outlets at hotels beyond front desk have had their card info stolen.
Here’s the announcement:
November 20, 2015
Dear Starwood Customers:
We recently became aware of a malware intrusion that affected some point of sale systems at a limited number of Starwood hotels in North America. Promptly after discovering the issue, we engaged third-party forensic experts to conduct an extensive investigation. We have been working closely with law enforcement authorities and coordinating our efforts with the payment card organizations to determine the facts. We want to assure you that protecting the security of our customers’ personal information is a top priority for Starwood.
Based on the investigation, we discovered that the point of sale systems at certain Starwood hotels were infected with malware, enabling unauthorized parties to access payment card data of some of our customers. We want you to know that the affected hotels have taken steps to secure customer payment card information, and the malware no longer presents a threat to customers using payment cards at our hotels.
We have determined the following:
- The attack targeted certain point of sale systems at a limited number of Starwood properties in North America. The locations and potential dates of exposure for each affected Starwood property are listed here.
- The malware affected certain restaurants, gift shops and other point of sale systems at the relevant Starwood properties. We have no indication at this time that our guest reservation or Starwood Preferred Guest membership systems were impacted.
- The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date. There is no evidence that other customer information, such as contact information, Social Security numbers or PINs, were affected by this issue.
We sincerely regret any inconvenience this may cause. We take our obligation to safeguard personal information very seriously and are alerting affected customers about this incident so they can take steps to help protect their information. You are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. To order your free credit report, visit www.annualcreditreport.com or call toll-free at 1-877-322-8228. We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports. If you believe your payment card may have been affected, please contact your bank or card issuer immediately.
In addition, we have arranged with AllClear ID to offer identity protection and credit monitoring services to affected Starwood customers for one year at no cost to them. The Reference Guide provides information on registration and recommendations by the U.S. Federal Trade Commission on the protection of personal information.
If you have any questions or would like more information, please call 1-855-270-9179 (U.S. and Canada) or 1-512-201-2201 (International), Monday through Saturday, 8:00 am to 8:00 pm CST.
Again, we sincerely apologize for any inconvenience this issue may cause.
President, The Americas
Here are the affected hotels:
You would think that the systems that hotels use to process credit cards at their various outlets would be secure? There have been similar breaches at number of other hotels, so this is not something that has affected only Starwood.
So, if you visited any of the hotels listed on the PDF during the dates that their systems were breached and used credit card at any of the outlets, you should contact your credit card issuer and request them to send you a new card.