Travelers who stayed at a Starwood-owned hotel or resort since late last year may want to keep a close eye on their credit card statements. The company, which owns several high-end hotel chains like Westin, Sheraton, W, and St. Regis, announced on Friday that 54 of its locations fell victim to a malware attack against its point of sale system at various points beginning in November 2014.
According to the company, the malware collected various bits of credit card information, such as card numbers, security codes, cardholder names, and expiration dates. Starwood says that the malware did allow thieves to make unauthorized charges on some customers’ credit cards.
Starwood says that as far as it can tell, the infection did not affect its reservation system or the Starwood Preferred Guest membership system, and that “there is no evidence that other customer information, such as contact information or PINs, were affected by this issue.” The company has since corrected the problem.
The company has published a list of locations (PDF) that were affected by the malware infection; the list also includes the dates during which each location’s systems were infected.
If you stayed at one of the affected hotels and noticed suspicious charges on your credit card, notify your financial institution immediately. For more details, visit Starwood’s security notice page.