If you stayed at a Sheraton, Westin or other Starwood hotel in the US or Canada this past year, you'll want to keep an eye on your credit or debit card account.
Starwood Hotels and Resorts Worldwide said this week that point-of-sale systems at more than 50 of its hotels had been infected with malicious software. The malware, installed at gift shops, restaurants and other locations, let hackers make off with payment card data, including cardholder name, card number, security code and expiration date.
The company said in a statement that it has removed the malware and "implemented additional security measures to help prevent this type of crime from reoccurring." It also said there's no indication at this point that its guest reservation or preferred-guest membership systems were affected. The company added that there is no evidence that customer PINs or contact information were captured.
A list of affected hotels (PDF) includes facilities in major cities, such as the Sheraton New York Times Square hotel, the Westin Michigan Avenue Chicago, the Westin Los Angeles Airport and Le Centre Sheraton Montreal. The Walt Disney World Dolphin hotel was also hit. Timing of attacks varied from place to place, but the earliest listed happened in November 2014, with the most recent occurring in March of this year.
Starwood is far from the only business to fall victim to this sort of attack on point-of-sale systems. Last year, home-improvement chain Home Depot said 56 million credit cards had been put at risk by such an attack. Prior to that, at the end of 2013, Target was hit by a similar breach, which the chain estimated could have affected a third of the US population.
People who think they might've been hit by the breach can find more information in this security notice from Starwood.