Malware strikes Starwood, Marriott and Hyatt hotels, exposing customer card data

Guests at 20 hotels in the US could have had their bank card details stolen.

Katie Collins Senior European Correspondent

Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.

See full bio

Katie Collins

Aug. 15, 2016 5:32 a.m. PT

The affected properties belong to some of the world's biggest hotel chains.
Spencer Platt, Getty Images

Hotel operator HEI Hotels and Resorts reported on Monday that 20 US hotels it runs have suffered a major data breach that may have divulged customer bank card data.

The affected hotels include properties from the Marriott, Hyatt, Intercontinental and Renaissance chains, as well as Starwood properties in the Le Meridien, Sheraton and Westin chains. HEI has posted a full list online.

Malware found on the company's systems could have been used to steal data from customers using cards to pay at any point-of-sale terminals across the properties, the company said. About 8,000 transactions took place in the period the systems were affected, which was between March 1, 2015 and June 21, 2016.

HEI apologized for incident, saying that it has "mounted a thorough response to investigate and resolve this incident, bolster our data security, and support our customers." The incident has been contained, the company added, and customers can now use their cards at any of the hotels targeted in the attack.