The Hilton hotel chain has confirmed that its point-of-sale systems were compromised by a malware infection that put customers' credit card information at risk.
Threat actors gained access twice between 18 November and 5 December last year, and between 21 April and 27 July this year.
The malware revealed the names, security codes and card numbers of hotel guests, which may have enabled hackers to make fraudulent purchases.
Hilton says it has now eliminated the offending malware and is offering a year's worth of credit monitoring free of charge to those that think they may be affected.
However, the announcement came two months after the malware's discovery, leaving little option for consumers to attempt their own efforts at damage control.
Hilton is the second hotel chain this week to reveal a breach of their systems. The Starwood group also announced that its PoS terminals were hit by similar credit card-stealing malware.
Hot on the heels of these heinous hacks is news of yet more PoS malware. The recently-discovered ModPoS' exploit has been described by iSight Partners the security company which unearthed it as "PoS malware on steroids" which reportedly stole "multiple millions" of credit cards.
According to Mark Bower, global director of product management for enterprise data security at HPE, "the good news is that savvy merchants are already tackling this risk and giving the malware nothing to steal through solutions that also have a dramatic cost reducing benefit to PCI compliance."
"Encrypting the data in the card reading terminal ahead of the POS eliminates the exposure of live information in vulnerable POS systems."
"No live data means no gold to steal," he says. "Attackers don't like stealing straw."
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Scania admits leak of data after extortion attemptNews Hacker stole 34,000 files from a third-party managed website, trucking company says
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
