Starwood hotel chain reports monthslong data breach

Starwood is warning the public of a data breach at 54 of its hotels, including a few Sheraton, Westin and W locations. Starwood indicated the malware has been neutralized and is no longer a threat to customers using payment cards at its hotels, and that it has implemented additional unspecified security measures.

Starwood Hotels owned or managed 1,222 properties, including hotels and vacation rentals, globally as of 2014. There is no indication that contact information or personal identification numbers were collected, according to company officials.

Starwood said malware was found in payment systems at restaurants, gift shops, bars and other retail areas within hotels, but not at the front desk where guests pay for their stay.

In Orlando, the Dolphin hotel was subject to the data breach between November 5, 2014 and April 13, 2015. Most of the affected hotels are in the United States, including the Westin and W locations in Boston, Los Angeles and NY. The hotel conglomerate announced last Monday that Marriott worldwide had bought its properties and the two would become the largest hotel chain business in the world. The list also includes the dates those hotels were affected.

Starwood said the malware has since been removed.

The hotel group is offering all affected customers extensive credit protection services, at no cost to customers, along with suggested steps should you find fraudulent transactions on your records as a result of this security breach. He also expects the merger to provide the strongest and the most certain path of growth for the company. Starwood Hotels’ shares were up 1.3% at $73.16, while Marriott’s stock was little changed at $72.24 in afternoon trading.

KrebsonSecurity reminded readers “that they are not liable for unauthorized debit or credit card charges, but with one big caveat: the onus is on the cardholder to spot and report any unauthorized charges”.