Some Starwood hotels hit with credit card-stealing malware

The infection affected point-of-sale systems at 54 Starwood-owned hotels and resorts since late last year.

ransomware hardware security embedded circuit board integrated controller
Credit: IDGNS

Travelers who stayed at a Starwood-owned hotel or resort since late last year may want to keep a close eye on their credit card statements. The company, which owns several high-end hotel chains like Westin, Sheraton, W, and St. Regis, announced on Friday that 54 of its locations fell victim to a malware attack against its point of sale system at various points beginning in November 2014.

According to the company, the malware collected various bits of credit card information, such as card numbers, security codes, cardholder names, and expiration dates. Starwood says that the malware did allow thieves to make unauthorized charges on some customers’ credit cards.

Starwood says that as far as it can tell, the infection did not affect its reservation system or the Starwood Preferred Guest membership system, and that “there is no evidence that other customer information, such as contact information or PINs, were affected by this issue.” The company has since corrected the problem.

The company has published a list of locations (PDF) that were affected by the malware infection; the list also includes the dates during which each location’s systems were infected.

If you stayed at one of the affected hotels and noticed suspicious charges on your credit card, notify your financial institution immediately. For more details, visit Starwood’s security notice page.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Related:
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.