14 DAY TRIAL // The credit cards details of several Starwood Hotels & Resorts customers were stolen using malware installed on PoS devices at 54 of the hotel group's properties.
Starwood Hotels & Resorts is an international hotel chain that operates brands like Westin, Sheraton, W Hotels, St. Regis, and Le Méridien. The hotel conglomerate announced last Monday that Marriott International had bought its properties and the two would become the largest hotel chain business in the world.
On Friday evening, right on the infamous mass-media blind spot, Starwood Hotels announced a data breach that affected 54 of its US properties. According to the company's statement, PoS malware is to blame for the incident.
Starwood Hotels claims that its hotel reservation system was not affected and that the malware only managed to infect PoS endpoints found in its restaurants and gift shops.
After contacting authorities and a security forensics investigator, the company says that the malware stole cardholder name, payment card number, security code and card expiration date, but not PINs and client addresses.
PoS malware infection remained undetected for almost a year
Starwood properties affected by this issue are spread all around the US, and not a particular region. Most hotels are part of the W Hotels, Westin, and Sheraton chains.
Customers that have checked in at Starwood hotels can verify a full list of affected properties on the company's website for further info.
Starwood Hotels is also offering one free year of credit monitoring, according to US regulations. They have also started contacting clients that they think may have been affected. Company representatives said the malware operated between November 2014 and October 2015.
"We sincerely regret any inconvenience this may cause," said Sergio Rivera, Starwood Hotels & Resorts President for The Americas. "We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports. If you believe your payment card may have been affected, please contact your bank or card issuer immediately."