informa
/
Quick Hits

Kimpton Hotels Hit By Point-Of-Sale Breach

Yet another POS breach at a major hotel chain.

Kimpton Hotels & Restaurants is alerting payment card customers of a payment card breach at more than 60 of its hotels and restaurants that occurred between February 16 and July 7 of this year.

The hotel chain said in a message on its website that it first got word of unauthorized charges on guests' payment cards in mid-July. An ensuing investigation uncovered malware on PoS servers at the front desks and restaurants of some of its hotels. "The malware searched for track data read from the magnetic stripe of a payment card as it was being routed through the affected server. The malware primarily found track data that contained the card number, expiration date, and internal verification code, but in a small number of instances it may have found the track that also contains the cardholder name," Kimpton said in its advisory.

Kimpton's POS woes follow that of Eddie Bauer and HEI Hotels & Resorts, which operates Marriott, Hyatt and Sheraton and Westin hotels. 

"Hotels, airlines and car rental agencies need to stop kidding themselves, learn from other industries, and make cyber security a priority. Point-of-sale (POS) -based malware has driven most of the credit card breaches across so many industries already," said Shane Stevens, a director at VASCO Data Security. "As organizations address this Point-of-Sale issue, fraudsters are already looking at which attack vectors to hit in mobile. Their service providers shouldn’t create digital keys and other mobile conveniences until they can better protect their client companies and consumer customers across all channels." 

A list of the affected Kimpton locations is here, and Kimpton's full advisory can be found here.

 

Recommended Reading: