Dive Brief:
-
Starwood Hotels & Resorts Worldwide reported that payment systems at 54 of its hotels in North America had been infected with malware. The malware was designed to collect payment card data, such as cardholder name, payment card number, security code and expiration date, Starwood said on Friday.
-
The company said the malware is "no longer presents a threat" and that customer data had not been compromised.
-
Nothing indicates at this time that Starwood Preferred Guest membership systems or guest reservation information (contact details, PINs) had been compromised, the company said.
Dive Insight:
The news of the attack comes about a week after Marriott agreed to buy Starwood -- a $12.2 billion move that created the largest lodging company in the world, also left many customers irate.
Starwood Hotels said payment systems primarily at hotel restaurants and gift shops were hit between November 2014 and October 2015. The company said the Sheraton New York Times Square hotel, the Westin New York Grand Central New York and The St. Regis Bal Harbour Resort in Florida were among the 54 compromised.
Starwood said it took "prompt action" and is offering identity protection and credit monitoring to customers through AllClear ID. The company is also working with law enforcement officials and has begun additional measures to guard against a future attack.
Hilton Worldwide Holdings Inc and Trump Hotel Collection recently also revealed that they were investigating possible cyber attacks.