Starwood Hotels & Resorts Worldwide has become the latest global hotel group to fall victim to a security breach involving credit card data.
The company, which last week was acquired by Marriott International, said that malware designed to help cyber thieves steal credit and debit card data was found on point of sale systems at 50 of its US properties across its Sheraton, Luxury Collection, St Regis, Westin and W brands. It is not believed that any of Starwood's 11 hotels in the UK were impacted.
Starwood, which operates 1,275 hotels worldwide, said it had engaged third-party forensic experts to investigate the security breach, which appears to have impacted restaurants, gift shops and other point of sale systems at the affected hotels. There is currently no indication that the guest reservation or Starwood Preferred Guest loyalty scheme were involved.
The intrusive software was designed to collect payment card information, including cardholder name, card number, security code and expiration date. There is no evidence that contact information or PINs were accessed. Customer payment card information has now been secured and the malware no longer presents a threat to customers using payment cards at Starwood hotels.
Sergio Rivera, Starwood president, the Americas, said that protecting customers' information was "critically important" to Starwood. "Quickly after we became aware of the possible issue, we took prompt action to determine the facts. We have been working closely with law enforcement authorities and have been co-ordinating our efforts with the payment card organisations. We want to assure our customers that we have implemented additional security measures to help prevent this type of crime from reoccurring."
Earlier this year Mandarin Oriental disclosed that 10 out of its 27 luxury hotels worldwide, including its Hyde Park, London property, had been impacted by a similar security breach.
Latest video from The Caterer