A credit card fraud pattern is linked to the Hilton hotel franchise, as credit card data was apparently compromised at nationwide Hilton hotel properties.
The Hilton hotel franchise includes Embassy Suites, Hampton Inn and suites, Double Tree, as well as the high-end Waldorf Astoria Hotels & Resorts. A breach in security apparently occurred back in November 2014, when hackers compromised a slew of point-of-sale (POS) registers in coffee shops, restaurants and gift at a "large number of Hilton Hotels and franchise properties" in the U.S.
Online security analyst Brian Krebs revels that this cyberhack resulted in a pattern of credit card fraud. According to Krebs, Visa notified numerous financial institutions of the breach back in August. The confidential alerts to each bank reportedly included the credit card numbers that may have been compromised, without naming the breached entity.
Five banks, however, concluded that the common POS for the cards in question was Hilton. All of those cards mentioned in the alert were used at Hilton properties across the U.S. Hilton is now investigating the claims.
"Hilton Worldwide is strongly committed to protecting our customers' credit card information," a Hilton spokesman told Krebs in a written statement. "We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today's marketplace. We take any potential issue very seriously, and we are looking into this matter."
Krebs further points out that the breach doesn't seem to be tied to the guest reservation system at the locations in question. More likely, the credit card fraud may be related to compromised POS devices used in franchised restaurants, gift shops and coffee bars within Hilton hotel properties, sources suggest.
The incident may have occurred back in November 2014, according to sources in the financial industry, but the breach could be ongoing even now.
A quick look at the comment to Krebs' report, meanwhile, reveals a bit more information on the matter. One commenter, says they stayed at a Hilton property back in June, but only used the check-in and check-out services at the front desk and not the on-property services such as restaurants and gift shops. They used a card to pay for the room, but didn't notice any unusual activity.
Another commenter, however, reveals that their bank sent them a new card last month because their old one was linked to a "suspected event." He says he used the old card only rarely, but did use it at a Hilton property back in July. Consequently, that "suspected event" that prompted the bank to issue a new card is likely the cyberhack that hit the Hilton franchise.
Another commenter adds even more pieces to the puzzle, reporting that he saw suspicious activity after using a card on June 6 at both the front desk and the hotel bar of a Hilton property in Chicago.
"Fraudulent charges began on 8/7, and the card was shutdown the same day," the commenter reveals.
The scale of this data breach remains unclear at this point, as it's tough to estimate just how many Hilton properties it affected or how many consumers had their credit card information compromised. Hilton Worldwide should offer more information once it completes its probe into the matter.
