Last updated: 09:55 AM ET, Mon August 15 2016

HEI Reports Payment Card Breach at 20 US Hotels

Impacting Travel | Patrick Clarke | August 15, 2016

HEI Reports Payment Card Breach at 20 US Hotels

PHOTO: The Westin Pasadena in Pasadena, California is one of 20 HEI-operated properties affected by malware (photo courtesy of Carey Watermark Investors).

Malware has been found at more than a dozen prominent hotels across the U.S. 

Hotel operator HEI Hotels & Resorts recently revealed that Hyatt, Marriott and Starwood properties in 10 states and the District of Columbia have been targeted by hackers.

"HEI was recently alerted to a potential security incident by its card processor," the Norwalk, Connecticut-based company said in a statement. "Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on our payment processing systems at certain properties designed to capture payment card information as it was routed through these systems."

HEI said the malware discovered on hotel payment systems may have collected names, card account numbers, card expiration dates and verification codes. The breach dates back to early December 2015 and continued through late June 2016.

However the breach may have begun as early as March 2015 at some properties where guests purchased food and beverage with a card.

HEI has since contained the malware and is now urging "customers to remain vigilant and continue to monitor statements for unusual activity going forward."

"We take very seriously our responsibility to keep our customers' information secure, and have mounted a thorough response to investigate and resolve this incident, bolster our data security, and support our customers," said HEI. "We are pleased to report that the incident has now been contained and individuals can safely use payment cards at all of our properties."

Notable affected hotels include the Westin Minneapolis, Westin Philadelphia, Hotel Chicago Downtown and the Le Meridien San Francisco, among others.

HEI apologized to customers for the incident and said it will continue to work to enhance its security measures in the future.

While undoubtedly troubling, HEI is just the latest in a growing list of hotel companies to be impacted by payment card data-stealing malware. 

For more information on United States

For more Impacting Travel News


You may use your Facebook account to add a comment, subject to Facebook's Terms of Service and Privacy Policy. Your Facebook information, including your name, photo & any other personal data you make public on Facebook will appear with your comment, and may be used on Click here to learn more.

Enterprise Rent-A-Car: Treating Customers Special

Car Rental & Rail