Malware exposes payment card data at Kimpton Hotels
Servers used to process payments at the boutique hotel chain's properties are infected with malware designed to steal customer card numbers, names and expiration dates.
The Sir Francis Drake Hotel in San Francisco is one of the Kimpton Hotels affected by the malware.
Kimpton Hotels has become the latest hotel operator to suffer a major data breach that may have divulged customer payment card data.
The chain of US boutique hotels warned on Wednesday that it had discovered malware on servers that processed payment cards used at some of its hotels and restaurants. The malware was designed to capture customers' card numbers, cardholder names, expiration dates and internal verification codes, the subsidiary of InterContinental Hotels Group explained in a blog post.
The malware was discovered after the chain was informed in July of unauthorized charges showing up on a customer's payment card after eating at one of Kimpton's restaurants. Cards used at certain restaurants and hotel front desks between February 16 and July 7 may be affected. The chain has published a list of properties where customers' cards may be affected, along with specific at-risk time frames, and said it will be contacting customers who may have had data exposed.
Earlier this month, Hotel operator HEI Hotels and Resorts reported that malware found on the company's systems could have been used to steal data from customers using cards to pay at any point-of-sale terminals across the properties.