Credit Card Data Stolen from HEI Hotels & Resorts

Customer credit cards have been compromised after the electronic Point-of-Sale (PoS) systems at multiple hotels owned by HEI Hospitality (HEI Hotels & Resorts) were breached.

The data leak incident was reported to the New Hampshire Office of the Attorney General by lawyers representing the company in a letter [PDF] dated September 2.

"Based on HEI's investigation to date, it has determined a vulnerability in an information system at certain of its hotel properties may have been exploited, and credit card information related to certain transactions occurring between between March 25 and April 17, 2010 may have been compromised," the letter reads.

HEI Hospitality is based in Norwalk, Connecticut, but owns numerous hotels and resorts across the United States, including some operating under world renowned brands like Westin, Marriott, Hilton, Embassy Suites, Le Meridien, Sheraton, Renaissance or Crowne Plaza.

The stolen information is believed to include credit card type, number, expiration date, security code and the data contained on the magnetic stripe.

The company is not aware of any case in which the compromised information was misused, but nevertheless, it offers a one-year free subscription to a credit monitoring service and identity theft insurance to all individuals affected by the incident.

Amongst the HEI properties where the PoS systems were compromised are Marriott Fullerton at California State University, Detroit Marriott Southfield, Renaissance Fort Lauderdale Port Everglades Hotel, Marriott Dallas/Fort Worth Hotel & Golf Club at Champions Circle, Atlanta Marriott at Norcross, Sheraton Crystal City Hotel, The Westin Minneapolis, The Equinox, a Luxury Collection Golf Resort & Spa, Sheraton Music City Hotel, and the Westin St. Louis Hotel.

It looks like hackers are increasingly targeting vulnerable systems at hotels. Back in June we reported about a similar breach which affected customers of 21 properties owned by Destination Hotels & Resorts.