Starwood Hotels Malware Data Breach: What You Need to Know
Malware was found in payment systems at 54 hotel locations, the company said.
— -- Starwood, a popular hotel chain that includes brands such as W Hotels, Sheraton, Westin and Le Meridien, reported today 54 of its locations had been hit by malware designed to steal customers' credit card information.
Here's a look at what you need to know about the breach.
Which Locations Were Hit?
The hotel chain provided a list of the 54 locations it said were impacted by the breach, including the potential dates during which customer information may have been exposed.
Who Was Impacted?
The malware targeted point-of-sale systems at a limited number of its restaurants and gift shops, Starwood said in a statement on its website, noting that there is "no indication at this time" its guest reservation or Starwood Preferred Guest membership systems were affected.
What Information Is At Risk?
The malware was designed to steal cardholder names, credit card numbers, security codes and expiration dates, however, the company said "there is no evidence that other customer information, such as contact information or PINs, were affected by this issue."
What Is Being Done About the Breach?
The affected hotels have taken steps to secure customer payment card information and the malware no longer presents a threat to customers using payment cards at Starwood hotels, the company said.
"Protecting our customers’ information is critically important to Starwood and we take this issue extremely seriously," Sergio Rivera, president of Starwood's properties in the Americas, said in a statement.
"Quickly after we became aware of the possible issue, we took prompt action to determine the facts. We have been working closely with law enforcement authorities and have been coordinating our efforts with the payment card organizations," he said. "We want to assure our customers that we have implemented additional security measures to help prevent this type of crime from reoccurring."
Starwood is also working with AllClear ID to offer identity protection and credit monitoring services to affected customers for one year, free of charge.
What Can Worried Customers Do?
Customers who believe they made a purchase at one of the impacted locations during the dates they were affected should carefully monitor their account statements for any suspicious activity.
"If a customer believes his or her payment card may have been affected, the customer should immediately contact their bank or card issuer," Starwood's statement advised. Customers with questions can also visit Starwood's website for more information.