Hackers Swipe Credit Card Data from Hilton, Doubletree and More

Hilton Hotel Hack

What Happened?

Hilton Worldwide is investigating a potential hack of customer credit and debit card information at a number of their U.S. Hilton hotels and franchise property locations. Hotels under the Hilton name, as well as the company’s Embassy Suites, Doubletree, Hampton Inn and Suites and Waldorf Astoria Hotels & Resorts may be affected by this data breach.

Hackers allegedly gained access to sensitive data by breaching point-of-sale systems (cash registers and payment terminals) at numerous restaurants, coffee shops, gift shops and other retail stores located within the hotels. Reservation and room payment information was not affected by the hack. 

Hackers frequently target these small retailers using malware to siphon off payment card data. Using this data, thieves can make fraudulent online purchases or “clone” the payment card. Card cloning is an increasingly common tactic in which a thief creates a bogus credit card using stolen card data. Once cloned, rouge purchases will appear on your bank account.

Threats such as card cloning and POS skimming are expected to dissipate in the near future thanks to the impending shift to EMV technology.

At this time, little information is known about the size and scope of the attack. Brian Krebs, the investigative journalist credited with breaking the story, reports that in August, Visa caught wind of suspicious transactions related to a major organization. Visa sent confidential alerts to numerous financial institutions warning them of an attack between April 21, 2015 and July 27, 2015. Per Visa’s breach notification standards, they do not name the suspected entity; however, many fingers are pointing to Hilton as the likely victim of the attack.

Meanwhile, other experts believe the resulting pattern of credit card fraud dates back even further. Many believe credit card stolen from these properties experienced fraud as early as November 2014.

What Should You Do?

If you used your payment card at a Hilton Hotel or franchise property retailer within the past year, your financial information may have been exposed. At-risk individuals should monitor their bank statements for unusual transactions. Report any unusual activity to your financial institution immediately. 

Fighting Identity Crimes will keep you updated as new information becomes available about the Hilton hack. Be sure to subscribe to our blog to stay up-to-date with the latest identity theft and fraud news.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.


Leave a Comment.