Hilton breach – Fraud.org


Hotel giant Hilton Worldwide (operator of Hilton Hotels, Doubletree, Embassy Suites, Waldorf Astoria, and others) was the latest in a series of hotel breaches including Starwood Hotels, Trump Hotel Collection, Mandarin Oriental, and White Lodging.

Announced on: November 24, 2015

Description of breach: According to the chain, malware may have been present on some point-of-sale systems over a 17-week period, from November 18 to December 5, 2014 or April 21 to July 27, 2015.

Information exposed: It’s unclear at this time how many payment cards were affected, but official word from the company is that the compromised PII includes “cardholder names, payment card numbers, security codes and expiration dates, but no addresses, personal identification numbers (PINs), or Hilton HHonors account information.” (Hilton)

Affected customers: Unknown

Official information from Hilton: https://news.hiltonworldwide.com/index.cfm/misc/guestupdate/hilton-worldwide-guest-update 

Help for victims: Hilton is offering one year of free credit monitoring through AllClear. You may sign up online at hiltonworldwide.allclearid.com or by phone by calling 1-855-270-9191 (U.S. & Canada) and +1 512-201-2188 (outside U.S. & Canada).

More coverage of the breach: KrebsOnSecurity