Starwood reports payment information data breach

Starwood Hotels & Resorts Worldwide Inc. said hackers stole customer credit-card and debit-card information during a data breach that lasted for almost eight months and affected 54 locations, including a number of luxury properties.

A full list of the hotels is on the Starwood Hotels website.

Payment systems at two hotels in Montreal, Canada and one in Puerto Rico were also breached.

The other local hotel was The Westin St. Francis at 335 Powell St., which experienced potential data breaches from March 3 to April 8, according to company officials. It also said there’s no indication at this point that its guest reservation or preferred-guest membership systems were affected or that customer PINs or contact information was captured.

The hotelier said malware was found in payment systems at restaurants, gift shops, bars and other retail areas within hotels, but not at the front desk where guests pay for their stay. Company representatives said the malware operated between November 2014 and October 2015.

The locations and potential dates of exposure for each affected Starwood property is available at www.starwoodhotels.com/paymentcardsecuritynotice.

The hotel group is offering all affected customers extensive credit protection services, at no cost to customers, along with suggested steps should you find fraudulent transactions on your records as a result of this security breach. Starwood indicated the malware has been neutralized and is no longer a threat to customers using payment cards at its hotels, and that it has implemented additional unspecified security measures.

Starwood encourages customers to carefully review and monitor their payment card account statements.