Credit card data had been stolen from 20 U.S. hotels in Washington, D.C., and 9 states (California, Colorado, Florida, Minnesota, Pennsylvania, Tennessee, Texas, Virginia, Vermont) leaving consumers vulnerable to fraudulent charges or identity theft.
The hotels are owned and operated by HEI Hotels and Resorts, and include Marriott, Hyatt, Westin, Sheraton and other major brands.
According to HEI, the security breach happened at point-of-sale terminals that were infected with malware. The company doesn’t store the credit and debit card information from those terminals, so potential victims will not be notified by HEI.
What HEI did was to post a general message about the card security breach on its website:
Message to Our Customers About Payment Card Security Incident
Unfortunately, like many other organizations, we recently became aware that several of our properties may have been the victim of a security incident that could have affected the payment card information of certain individuals who used payment cards at point-of-sale terminals, such as food and beverage outlets, at some of our properties. We take very seriously our responsibility to keep our customers’ information secure, and have mounted a thorough response to investigate and resolve this incident, bolster our data security, and support our customers. We are pleased to report that the incident has now been contained and individuals can safely use payment cards at all of our properties. We are sorry for any concern or frustration that this incident may cause.
Based on the findings of our investigation, we are providing the following information and resources for our customers:
- A detailed Notice Letter that explains what happened, describes the actions we’ve taken, and provides information and resources to anyone who may have been affected.
- A Frequently Asked Questions document, delivering additional information that we anticipate that our customers may want or need.
- A List of Affected Properties, segmented by state and providing street addresses, for reference by our customers.
- Access to a Toll-Free Call Center, with operators standing by to address customer questions and concerns about this incident. You can reach this call center by dialing 888-849-1113 between 9:00 a.m. and 9:00 p.m. Eastern time, Monday through Friday.
We take this matter and the security of personal information very seriously and we will continue to review and enhance our security measures to further secure our systems. Again, please accept our sincere regret for any concern or frustration that this incident may cause.
Here’s the list of the 20 hotels and the dates affected:
If you or someone you know had visited hotels on the above list, you should:
- Check your credit card and bank statements for suspicious, unauthorized charges.
- Check your credit report to make sure that the thieves have not opened new credit cards in your name.
~Eowyn
