SC Magazine: Hilton Worldwide confirms malware on POS targeted payment card info

November 25, 2015 — Hilton Worldwide confirms malware on POS targeted payment card info
Thieves that planted unauthorized malware on some Hilton Worldwide point of sale (POS) systems aimed to glean payment card information in a breach that occurred late in 2014 or mid-2015, the hotel company confirmed Tuesday.


Ryan Wilk, director at NuData Security, noted that “hackers don’t take vacations, and they are just as excited about your vacation as you are. Why? Because while you’re enjoying yourself, they will be too when they skim your credit cards while you’re there.”

That’s what seems to have happened at Hilton and elsewhere. Starwood Hotels reported a similar breach earlier this month.

“This credit card breach announcement is just one of a spate of similar hacks that have occurred over the last year or so targeting hotels,” Wilk said in comments emailed to

In late September rumors swirled that a breach might have occurred at Hilton’s POS registers in gift shops and restaurants after Visa apparently alerted financial institutions of a breach and prompted the company to issue preliminary words of caution.

But this week the hotel chain confirmed the breach. Hilton said in a statement that after discovering the incursion, which occurred either “November 18 to December 5, 2014 or April 21 to July 27, 2015,” it immediately launched an investigation that revealed “specific payment card information, including account names, payment card numbers, security codes and expiration dates, was targeted by the malware.” No addresses or personal identification numbers (PINs) appear to have been accessed, the statement said.

To see the full article at SC Magazine, click here.