Malware infection goes unnoticed since September 2012

Sep 3, 2016 21:20 GMT  ·  By

Hutton Hotel, located in Nashville, Tennessee, announced late Friday afternoon on Saturday 2, 2016, a serious security breach that affected all customers who used their credit or debit cards at the hotel since September 2012.

An announcement on their website reads that the hotel's payment processor discovered the breach and notified hotel officials.

Following an initial assertion of the security breach, Hutton Hotel has learned that point-of-sale systems used at its check-in counter and onsite food and beverage outlets had been infected with malware.

This is very unusual because, in most payment card breaches that take place at hotels, attackers usually manage to infect only the PoS systems installed at bars and restaurants, and not the one used to handle reservations and room fee payments.

Point-of-sale systems infected with malware infected since 2012

According to Hutton Hotel, all those who used their payment card to pay for reservations and rooms between September 19, 2012, and April 16, 2015, might have had their payment card data stolen.

Additionally, the malware was also present in the PoS system used at the onsite food and beverage outlets from September 19, 2012, to January 15, 2015, and then from August 12, 2015, to June 10, 2016.

In past payment card breaches, you generally see a PoS malware infection going undetected for one or two years. At Hutton Hotel, the PoS malware infiltration managed to stay hidden for a whopping four years.

Following an investigation by an unnamed security firm, Hutton says that it found out the malware included the capabilities to collect cardholder name, payment card account number, card expiration date, and card verification code.

Hotel representatives advise customers who used payment cards at their property to keep an eye out for suspicious transactions.

In the last few months, other hotel chains suffered similar card breaches. These are the Millennium Hotels & Resorts (late August), Noble House Hotels and Resorts (late August), the HEI Hotels & Resorts (mid-August), Omni Hotels & Resorts (mid-July), and the Hard Rock Hotel & Casino in Las Vegas (late June).