Hilton Hotel and Resort is investigating claims that a number of their point-of-sale (PoS) machines have been compromised, some potentially dating back as far as November 2014.
Back in August, Visa notified a number of financial institutions of a potential breach from April 21 to July 27, but did not name the affected client. Since, financial institution have confirmed to Brian Krebs the affected vendor is Hilton Hotel.
Investigators believe the PoS systems used throughout various Hilton Hotel restaurants, coffee bars and gift shops to be compromised, Krebs claims, citing that some of his sources believe the breach could date back as early as 2014.
Krebs says that the financial institutions who issued the cards found one commonality, they were all used at hotels that have some form of affiliation with Hilton, including Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts
In a written statement, an official Hilton Hotel spokesperson said the company is currently investigating the possibility of a data breach.
“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” the company said in a statement. “We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”
If an investigation turns up any information that Hilton didn’t adequately secure their computer systems, the company could be punished due to a recent ruling by the Federal Trade Commission (FTC). The ruling stems from the United States Court of Appeals who made the decision last month that denied a motion by the Wyndham Worldwide hotel chain to dismiss a pending lawsuit brought about by the FTC after their initial data breach back in 2008.
In the lawsuit filed in 2012, the FTC accused Wyndham of operating their computer systems in an unreasonably insecure manner, exposing customer information to theft. Due to the hotel’s poor security, the data breach led to over $10.6 million in fraudulent charges that plagued victims’ credit cards.
It remains unknown how many Hilton Hotel properties may have been affected in the potential data breach.