Customers at Sheraton, Westin, other hotels hit by data-stealing hack attack

Starwood Hotels and Resorts, the company behind nearly a dozen hotel brands, says that more than 50 of its locations suffered from a malware attack on point-of-sale systems.

Edward Moyer Senior Editor

Hackers are at it again, as major hotel company Starwood reveals that customer data was nicked.

If you stayed at a Sheraton, Westin or other Starwood hotel in the US or Canada this past year, you'll want to keep an eye on your credit or debit card account.

Starwood Hotels and Resorts Worldwide said this week that point-of-sale systems at more than 50 of its hotels had been infected with malicious software. The malware, installed at gift shops, restaurants and other locations, let hackers make off with payment card data, including cardholder name, card number, security code and expiration date.

The company said in a statement that it has removed the malware and "implemented additional security measures to help prevent this type of crime from reoccurring." It also said there's no indication at this point that its guest reservation or preferred-guest membership systems were affected. The company added that there is no evidence that customer PINs or contact information were captured.

A list of affected hotels (PDF) includes facilities in major cities, such as the Sheraton New York Times Square hotel, the Westin Michigan Avenue Chicago, the Westin Los Angeles Airport and Le Centre Sheraton Montreal. The Walt Disney World Dolphin hotel was also hit. Timing of attacks varied from place to place, but the earliest listed happened in November 2014, with the most recent occurring in March of this year.

Starwood is far from the only business to fall victim to this sort of attack on point-of-sale systems. Last year, home-improvement chain Home Depot said 56 million credit cards had been put at risk by such an attack. Prior to that, at the end of 2013, Target was hit by a similar breach, which the chain estimated could have affected a third of the US population.

People who think they might've been hit by the breach can find more information in this security notice from Starwood.