Yet another POS breach at a major hotel chain.
Kimpton Hotels & Restaurants is alerting payment card customers of a payment card breach at more than 60 of its hotels and restaurants that occurred between February 16 and July 7 of this year.
The hotel chain said in a message on its website that it first got word of unauthorized charges on guests' payment cards in mid-July. An ensuing investigation uncovered malware on PoS servers at the front desks and restaurants of some of its hotels. "The malware searched for track data read from the magnetic stripe of a payment card as it was being routed through the affected server. The malware primarily found track data that contained the card number, expiration date, and internal verification code, but in a small number of instances it may have found the track that also contains the cardholder name," Kimpton said in its advisory.
Kimpton's POS woes follow that of Eddie Bauer and HEI Hotels & Resorts, which operates Marriott, Hyatt and Sheraton and Westin hotels.
"Hotels, airlines and car rental agencies need to stop kidding themselves, learn from other industries, and make cyber security a priority. Point-of-sale (POS) -based malware has driven most of the credit card breaches across so many industries already," said Shane Stevens, a director at VASCO Data Security. "As organizations address this Point-of-Sale issue, fraudsters are already looking at which attack vectors to hit in mobile. Their service providers shouldn’t create digital keys and other mobile conveniences until they can better protect their client companies and consumer customers across all channels."
A list of the affected Kimpton locations is here, and Kimpton's full advisory can be found here.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024