Hilton Worldwide Says Malware Targeted Its Credit Card System

It has warned anyone who used credit cards at Hilton Worldwide hotels between November 18 and December 5 last year or April 21 and July 27 this year to watch for irregular activity in their accounts.

Hilton Worldwide (HLT) said Tuesday it has identified and eliminated malware that targeted card information during a 17- week period.

The owner of the Conrad and Double Tree hotel chains did not provide details on the number of cards affected.

The Trump Hotel Collection chain confirmed in September they had also been the victim of an attack and had notified the Federal Bureau of Investigation and financial institutions.

Starwood said an investigation by forensic experts concluded that malware was detected in some restaurants, gift shops and other points-of-sale systems at hotels.

The news comes less than a week after rival Starwood Hotels & Resorts Worldwide said 54 of its hotels in North America had been infected with malware created to collect payment card data.

Guest information was illegally obtained through the covert installation of “malware” on various hotel systems, serving to relay credit card information to a malicious third party rather than exclusively to the banks entrusted with processing each electronic payment.

Hilton operates a large number of hotels, not all under the Hilton brand.

Adoption of secure “chip and PIN” payment technology in the United States significantly trails that of Australia and other countries, with Stateside merchants often swiping customers’ credit cards through their cash register system instead of a separate EFTPOS terminal.