Starwood Hotels and Resorts has issued a letter to guests warning of a malware intrusion that affected some point of sale systems at a limited number of Starwood hotels in North America.
Sergio Rivera, president, the Americas, wrote that third-party forensic experts have conducted an extensive investigation, and the organization is working closely with law enforcement authorities and coordinating efforts with the payment card organizations to determine the facts.
Based on the investigation, certain Starwood hotels have been found to be infected with malware, enabling unauthorized parties to access payment card data of some customers.
The malware, designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date, is not believed to have had a negative impact on other customer information, such as contact information, Social Security numbers or PINs.
Certain restaurants, gift shops and other point of sale systems at the relevant Starwood properties is thought to have been impacted by the malware, while there is no evidence that guest reservation or Starwood Preferred Guest membership systems have been impacted.
Rivera added that the affected hotels have taken steps to secure customer payment card information, and the malware no longer presents a threat to customers using payment cards at hotels.
The locations and potential dates of exposure for each affected Starwood property are listed here.
Starwood has arranged with AllClear ID to offer identity protection and credit monitoring services to affected Starwood customers for one year at no cost.
For more information, call 1-855-270-9179 (U.S. and Canada) or 1-512-201-2201 (International), Monday through Saturday, 8:00 am to 8:00 pm CST.