Malware exposes payment card data at Kimpton Hotels

Servers used to process payments at the boutique hotel chain's properties are infected with malware designed to steal customer card numbers, names and expiration dates.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil

The Sir Francis Drake Hotel in San Francisco is one of the Kimpton Hotels affected by the malware.

Kimpton Hotels

Kimpton Hotels has become the latest hotel operator to suffer a major data breach that may have divulged customer payment card data.

The chain of US boutique hotels warned on Wednesday that it had discovered malware on servers that processed payment cards used at some of its hotels and restaurants. The malware was designed to capture customers' card numbers, cardholder names, expiration dates and internal verification codes, the subsidiary of InterContinental Hotels Group explained in a blog post.

The malware was discovered after the chain was informed in July of unauthorized charges showing up on a customer's payment card after eating at one of Kimpton's restaurants. Cards used at certain restaurants and hotel front desks between February 16 and July 7 may be affected. The chain has published a list of properties where customers' cards may be affected, along with specific at-risk time frames, and said it will be contacting customers who may have had data exposed.

Earlier this month, Hotel operator HEI Hotels and Resorts reported that malware found on the company's systems could have been used to steal data from customers using cards to pay at any point-of-sale terminals across the properties.