Tens-of-thousands of card details put at risk in hotel hack
Marriott, Hyatt, Starwood and IHG hit by POS malware


Customers at 20 US hotels may have had their credit card details exposed to hackers after malware was discovered on the properties' point-of-sale (POS) systems.
The hotels are run by a hotel management business, HEI Hotels and Resorts, but operate under big-name brands like Marriott, Hyatt and InterContinental Hotels Group (IHG).
According to a statement from HEI, those at risk would have used their credit or debit cards to pay for services at the hotel properties, such as purchasing food or drink. The organisation has not stated whether or not POS transactions for accommodation have been affected.
Data stolen could include customer names and card account numbers, expiration dates and three-digit verification (CSV/CVV) codes.
The company added: "HEI was recently alerted to a potential security incident by its card processor. Based upon an extensive forensic investigation, it appears that unauthorised individuals installed malicious software on our payment processing systems at certain properties designed to capture payment card information as it was routed through these systems."
HEI is treating the incident as "top priority" and has managed to disable the malware. It is now in the process of reconfiguring and enhancing the security protocols of its network and payment systems. Law enforcement has also been informed.
Chris Daly, a spokesman for HEI, told Reuters over 20,000 transactions may have been affected by the malware. However, it's difficult to accurately calculate how many individuals or cards may be affected, he said, as multiple transactions may have legitimately been carried out on a single card.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
IT Pro contacted the affected hotel chains but had not received a response at the time of publication. However, a full list of affected properties can be found here.

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly