Hotel Chain Hilton Worldwide Investigating Potential POS Breach

Hilton Worldwide is looking into claims of a substantial credit card breach after independent security researcher and journalist Brian Krebs broke the news this weekend.

In addition to the flagship Hilton Hotels, the subsidiaries Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts are also thought to be affected by this breach.

Someone has hacked the Hilton’s sales registers, and made off with guests’ credit-card details, it’s claimed.

A Hilton WorldWide spokesman released a statement by the hotel group, noting that it was aware of reports of the credit card breach.

In a statement to Computing, the company said: “Hilton Worldwide is strongly committed to protecting our customers’ credit card information”.

It is not clear how many accounts may have been compromised, but the malware was active from April 21 to July 27 of this year, apparently. Visa then alerted several banks and financial institutions confidentially in August, warning them of a breach.

It appears a number of Hilton Hotels properties have been part of a payments breach, Krebs on Security reported, citing multiple banking sources.

Card numbers were included in the alert to the banks, but Visa wasn’t able to reveal the business as it goes against the company’s policy.

“Unfortunately the possibility of fraudulent credit-card activity is all too common for every company in today’s marketplace”, it said. The report said several unnamed financial industry sources told Krebs that the incident may still be ongoing and could date back as far as November 2014.

“Sources say the the fraud seems to stem from compromised point-of-sale devices inside of franchised restaurants, coffee bars and gift shops within Hilton properties”, he said.