Hilton PoS systems hit with malware, customer details stolen

Global hotel operator Hilton Worldwide Holdings has revealed the discovery of malware in some point of sales systems in its hotels that targeted customer payment card information.

A third-party investigation found that the malware targeted specific payment card information which included cardholder names, payment card numbers, security codes and expiration dates, Hilton said.

It did not include addresses or personal identification numbers (PINs), according to the company.

Hilton advised customers who used their card at any of the global operator's hotels during a 17-week period - from November 18 to December 5 2014 or April 21 to July 27 2015 - to check their bank statements.

The hotel chain did not provide details on the number of cards affected.

It said it had immediately launched an investigation upon discovering the issue and "further strengthened" its systems.

Hilton is offering one-year credit monitoring for affected customers.

"As a precautionary measure, you may wish to regularly monitor your payment card account to see if there is any fraudulent or suspicious activity. You can do this through online, email or text alerts from your bank or financial institution," the hotel operator said.

"If there is any unauthorised activity, you may want to consider calling the bank or financial institution that issued the card in order to report the issue."

Hilton operates more than 4500 hotels, resorts and timeshare properties across 97 countries and territories.

The news comes less than a week after rival Starwood Hotels & Resorts Worldwide said 54 of its hotels in North America had been infected with malware designed to collect payment card data.