I f you have used a credit card at what are known as point of sale systems at certain hotel properties of both Starwood Hotels and Resorts Worldwide, Incorporated and Hilton Worldwide, you might be one of the victims of data breaches which have been reported.
Data breaches are part of a technology problem which is seeming to become more and more prevalent in recent years where nefariously rogue people are trying to get access to sensitive data and steal it to use for their own benefit — specifically, the payment card numbers, expiration dates and security codes of customers — and companies in the travel industry are certainly no exception.
Starwood Data Breach
This official announcement was released by the president of The Americas division of Starwood Hotels and Resorts Worldwide, Incorporated on Friday, November 20, 2015; and it is reproduced below in its entirety.
Dear Starwood Customers:
We recently became aware of a malware intrusion that affected some point of sale systems at a limited number of Starwood hotels in North America. Promptly after discovering the issue, we engaged third-party forensic experts to conduct an extensive investigation. We have been working closely with law enforcement authorities and coordinating our efforts with the payment card organizations to determine the facts. We want to assure you that protecting the security of our customers’ personal information is a top priority for Starwood.
Based on the investigation, we discovered that the point of sale systems at certain Starwood hotels were infected with malware, enabling unauthorized parties to access payment card data of some of our customers. We want you to know that the affected hotels have taken steps to secure customer payment card information, and the malware no longer presents a threat to customers using payment cards at our hotels.
We have determined the following:
- The attack targeted certain point of sale systems at a limited number of Starwood properties in North America. The locations and potential dates of exposure for each affected Starwood property are listed here.
- The malware affected certain restaurants, gift shops and other point of sale systems at the relevant Starwood properties. We have no indication at this time that our guest reservation or Starwood Preferred Guest membership systems were impacted.
- The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date. There is no evidence that other customer information, such as contact information, Social Security numbers or PINs, were affected by this issue.
We sincerely regret any inconvenience this may cause. We take our obligation to safeguard personal information very seriously and are alerting affected customers about this incident so they can take steps to help protect their information. You are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. To order your free credit report, visit www.annualcreditreport.com or call toll-free at 1-877-322-8228. We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports. If you believe your payment card may have been affected, please contact your bank or card issuer immediately.
In addition, we have arranged with AllClear ID to offer identity protection and credit monitoring services to affected Starwood customers for one year at no cost to them. The Reference Guide provides information on registration and recommendations by the U.S. Federal Trade Commission on the protection of personal information.
If you have any questions or would like more information, please call 1-855-270-9179 (U.S. and Canada) or 1-512-201-2201 (International), Monday through Saturday, 8:00 am to 8:00 pm CST.
Again, we sincerely apologize for any inconvenience this issue may cause.
Sincerely,
Sergio Rivera
President, The Americas
Affected Starwood Hotel Properties
This is a list of the 54 Starwood Hotels and Resorts Worldwide, Incorporated hotel and resort properties in the United States and Canada which were affected by payment card security issue; and you may want to check to see if the information of the payment card you used was exposed if you stayed at one of the hotel and resort properties:
| Hotel Property | Location |
Start Date |
End Date |
|---|---|---|---|
| Le Centre Sheraton Montreal | Montréal, Quebec |
March 2, 2015
|
April 6, 2015 |
| Moana Surfrider, A Westin Resort | Honolulu, Hawaii | February 2, 2015 | April 4, 2015 |
| Palace Hotel, San Francisco | San Francisco, California |
December 25, 2014
|
April 4, 2015 |
| Sheraton Atlantic City Convention Center Hotel | Atlantic City, New Jersey | November 7, 2014 | May 6, 2015 |
| Sheraton Birmingham Hotel | Birmingham, Alabama |
March 2, 2015
|
April 14, 2015 |
| Sheraton Boston Hotel | Boston, Massachusetts | March 2, 2015 | April 9, 2015 |
| Sheraton Dallas Hotel | Dallas, Texas |
March 2, 2015
|
April 16, 2015 |
| Sheraton Denver Hotel | Denver, Colorado | March 2, 2015 | May 2, 2015 |
| Sheraton Fairplex Hotel & Conference Center | Pomona, California |
March 2, 2015
|
April 13, 2015 |
| Sheraton Grand Sacramento Hotel | Sacramento, California | March 2, 2015 | April 19, 2015 |
| Sheraton Kansas City Hotel at Crown Center | Kansas City, Missouri |
March 2, 2015
|
April 16, 2015 |
| Sheraton Maui Resort & Spa | Maui, Hawaii | November 7, 2014 | April 16, 2015 |
| Sheraton New Orleans Hotel | New Orleans, Louisiana |
November 7, 2014
|
April 16, 2015 |
| Sheraton New York Times Square Hotel | New York, New York |
March 2, 2015
|
May 3, 2015 |
| Sheraton San Diego Hotel & Marina | San Diego, California | January 3, 2015 | March 2, 2015 |
| Sheraton Seattle Hotel | Seattle, Washington |
March 2, 2015
|
April 16, 2015 |
| Sheraton Stonebriar Hotel | Frisco, Texas | March 2, 2015 | April 8, 2015 |
| Sheraton Waikiki | Honolulu, Hawaii |
November 7, 2014
|
April 8, 2015 |
| Sheraton Wild Horse Pass Resort & Spa | Chandler, Arizona | March 2, 2015 | May 6, 2015 |
| The Phoenician, a Luxury Collection Resort | Scottsdale, Arizona |
January 23, 2015
|
April 17, 2015 |
| The St. Regis Bal Harbour Resort | Bal Harbour, Florida | March 2, 2015 | April 16, 2015 |
| The Westin Birmingham | Birmingham, Alabama |
March 2, 2015
|
April 7, 2015 |
| The Westin Boston Waterfront | Boston, Massachusetts | March 2, 2015 | April 20, 2015 |
| The Westin Charlotte | Charlotte, North Carolina | January 6, 2015 | April 13, 2015 |
| The Westin Chicago River North | Chicago, Illinois | March 2, 2015 | April 5, 2015 |
| The Westin Cincinnati | Cincinnati, Ohio | March 2, 2015 | June 30, 2015 |
| The Westin Detroit Metropolitan Airport | Detroit, Michigan | March 2, 2015 | April 9, 2015 |
| The Westin Ka`Anapali Ocean Resort Villas | Lahaina, Hawaii | March 2, 2015 | March 26, 2015 |
| The Westin Kansas City at Crown Center | Kansas City, Missouri | November 7, 2014 | April 5, 2015 |
| The Westin Kierland Resort & Spa | Scottsdale, Arizona | January 22, 2015 | April 5, 2015 |
| The Westin Kierland Villas, Scottsdale | Scottsdale, Arizona | January 20, 2015 | January 21, 2015 |
| The Westin La Paloma Resort & Spa | Tucson, Arizona | March 2, 2015 | April 16, 2015 |
| The Westin Lombard Yorktown Center | Lombard, Illinois | March 2, 2015 | April 4, 2015 |
| The Westin Los Angeles Airport | Los Angeles, California | March 2, 2015 | April 4, 2015 |
| The Westin Maui Resort & Spa | Maui, Hawaii | March 2, 2015 | April 8, 2015 |
| The Westin Michigan Avenue Chicago | Chicago, Illinois | March 2, 2015 | May 14, 2015 |
| The Westin Mission Hills Golf Resort & Spa | Rancho Mirage, California | January 6, 2015 | February 10, 2015 |
| The Westin New York at Times Square | New York, New York | March 2, 2015 | April 25, 2015 |
| The Westin New York Grand Central | New York, New York | March 2, 2015 | April 10, 2015 |
| The Westin Phoenix Downtown | Phoenix, Arizona | January 5, 2015 | April 16, 2015 |
| The Westin Princeville Ocean Resort Villas | Princeville, Hawaii | March 2, 2015 | March 26, 2015 |
| The Westin Seattle | Seattle, Washington | November 7, 2014 | April 7, 2015 |
| The Westin South Coast Plaza | Costa Mesa, California | November 7, 2014 | December 3, 2014 |
| The Westin St. Francis | San Francisco, California | March 2, 2015 | April 8, 2015 |
| The Westin Stonebriar Hotel & Golf Club | Frisco, Texas | November 7, 2014 | April 15, 2015 |
| The Westin Waltham Boston | Waltham, Massachusetts | November 7, 2014 | April 20, 2015 |
| W Hoboken | Hoboken, New Jersey | November 7, 2014 | April 15, 2015 |
| W Hollywood | Los Angeles, California | March 2, 2015 | April 6, 2015 |
| W Montreal | Montréal, Quebec | March 2, 2015 | April 6, 2015 |
| W New Orleans – French Quarter | New Orleans, Louisiana | March 2, 2015 | October 23, 2015 |
| W New York – Times Square | New York, New York | March 2, 2015 | March 8, 2015 |
| W Retreat & Spa – Vieques Island | Vieques Island, Puerto Rico | March 2, 2015 | April 13, 2015 |
| W South Beach | Miami Beach, Florida | January 22, 2015 | April 9, 2015 |
| Walt Disney World Dolphin, A Sheraton Hotel | Orlando, Florida | November 5, 2014 | April 13, 2015 |
Hilton Data Breach
This official announcement was released by a representative of Hilton Worldwide, Incorporated on Tuesday, November 24, 2015; and it is reproduced below in its entirety.
Hilton Worldwide Has Identified and Taken Action to Eradicate Malware
MCLEAN, Va. – Hilton Worldwide (NYSE: HLT) has identified and taken action to eradicate unauthorized malware that targeted payment card information in some point-of-sale systems. Hilton immediately launched an investigation and has further strengthened its systems.
Hilton Worldwide worked closely with third-party forensics experts, law enforcement and payment card companies on this investigation, and determined that specific payment card information was targeted by this malware. This information includes cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers (PINs).
As a precautionary measure, customers may wish to review and monitor their payment card statements if they used a payment card at a Hilton Worldwide hotel over a seventeen-week period, from November 18 to December 5, 2014 or April 21 to July 27, 2015.
Customers generally are not responsible for fraudulent activity on their payment cards, and should contact their financial institution directly if they notice any irregularities. They can also visit hiltonworldwide.com/guestupdate for more details, including how to receive one year of complimentary credit monitoring.
Hilton Worldwide is strongly committed to protecting customers’ payment card information, and we sincerely regret any inconvenience this may have caused customers.
Contact:
Chris Brooks
hiltonmedia@hilton.com
(571) 395-1474
I have not confirmed at this time as to whether or not the latest security breach reported pertaining to Hilton Worldwide is related to the one on which I reported in this article back on Sunday,
To my knowledge, Hilton Worldwide has not released a specific list of hotel and resort properties affected by the data breach — supposedly limited to credit card transactions at restaurants and gift shops.
What Can You Do?
Although I have given some extensive advice about what you can do about identity theft and credit card fraud — as well as how to reduce your risk — sometimes it is simply almost impossible to avoid.
Even if one of those aforementioned nefariously rogue people did manage to acquire the credit card number which you used for payment, the worst case scenario is typically that your credit card number will be used fraudulently — and bills start appearing in your name…
…and you can find out if that is actually happening by simply checking your monthly credit card statement vigilantly. If you find any questionable charges, report them to the financial institution which issued the credit card — usually by calling the telephone number on the back of the credit card. At worst, it may be a legitimate charge about which you might have temporarily forgotten or may simply be a legitimate charge listed under a name you may not recognize. At best, you have caught a scammer attempting to use your information fraudulently; and you will have stopped this person sooner.
Financial institutions have been more proactive in preventing fraud from occurring sooner. That happened to me within the past week and I received an e-mail message pertaining to the potential fraud. Not wanting to respond to the e-mail message directly — as it could be spam or an attempt at “phishing” — the financial institution was contacted via telephone; and sure enough, the charges were legitimate but had not posted to the monthly statement as of yet. My credit card was immediately canceled and a new one will be issued and sent to me — and I am not required by law to pay a single cent for the charges not incurred by me if I report the fraudulent purchases within 60 days, as the Fair Credit Billing Act and the Electronic Fund Transfer Act have specific limits on how much money I will lose if my sensitive data is stolen and used fraudulently.
Summary
As we become increasingly dependent on technology for our everyday tasks, our sensitive information becomes more and more vulnerable — and either companies are failing depute their best efforts; or they are just simply not diligent enough in protecting sensitive data.
Either way, I wonder if companies would be more vigilant if they would compensate customers every time their accounts were breached or their sensitive information stolen. If the answer is that they would go broke if that happened, that only further convinces me of the gravity of this technology problem and that better security measures need to be put in place.
These past articles written by me seem to illustrate how serious is this problem of protecting sensitive data from being breached — and it seems that no company is immune:
- Miles Stolen; American, United and Delta Frequent Flier Accounts Breached
- Warning: Security Breach of E-Mail Accounts at Various Companies
- Unauthorized Individual Accessed My Hyatt Gold Passport Account?
- Cyber Attack on an Account I Have Not Had in Years?!?
- Breaking News: Many British Airways Executive Club Accounts Locked; Avios Reset to Zero
- My Starwood Account Was Compromised: More Details — and What Happened
- Follow Up: My Telephone Call With a Starwood Representative
- Warning: Your Hilton HHonors Account Can Be Sold for Cents on the Dollar by Thieves
How would you consider fighting these security and data breaches?
