Hilton Worldwide says it has identified and removed malware that targeted card payment systems at some of its hotels over a 17 week period from late 2014 to mid 2015.
The malware collected cardholder names, payment card numbers, security codes and expiration dates, the company said in a statement. The hotel chain is advising its customers to check their payment card statements for any unauthorized activity.
“As a precautionary measure, customers may wish to review and monitor their payment card statements if they used a payment card at a Hilton Worldwide hotel over a seventeen-week period, from Nov. 18 to Dec. 5, 2014 or April 21 to July 27, 2015,” the company said.
Hilton operates a large number of hotels, not all under the Hilton brand. The company’s other brands include Embassy Suites, Doubletree, Curio, Hampton Inn and Suites, Homewood Suites, Home2 Suites, Conrad Hotels & Resorts and Waldorf Astoria Hotels & Resorts.
Hilton said in September that is was investigating a possible hack of its computer system.
It’s not the only hotel chain to be recently targeted by hackers.
Late last week Starwood Hotels & Resorts Worldwide said “a limited number” of its hotels in North America were targeted with malware that stole customer payment card details.
While it’s not clear if it was the same malware as that aimed at Hilton, it stole the same four pieces of customer information.
The Starwood hack spanned the period between Nov. 7, 2014, and lasted as late as June 30, 2015.