Hotel operator HEI Hotels and Resorts reported on Monday that 20 US hotels it runs have suffered a major data breach that may have divulged customer bank card data.
The affected hotels include properties from the Marriott, Hyatt, Intercontinental and Renaissance chains, as well as Starwood properties in the Le Meridien, Sheraton and Westin chains. HEI has posted a full list online.
Malware found on the company's systems could have been used to steal data from customers using cards to pay at any point-of-sale terminals across the properties, the company said. About 8,000 transactions took place in the period the systems were affected, which was between March 1, 2015 and June 21, 2016.
HEI apologized for incident, saying that it has "mounted a thorough response to investigate and resolve this incident, bolster our data security, and support our customers." The incident has been contained, the company added, and customers can now use their cards at any of the hotels targeted in the attack.