If you’ve stayed at a Hilton hotel this year, you may want to check your bank records. The hotel chain admitted on Saturday that it was investigating claims that hackers have compromised sales registers in Hilton Hotels and a number of its franchises.
The first public suggestion of the breach came on Friday in the from or speculation by Krebs on Security. Brian Krebs wrote that a number of financial institutions have warned of a security breach between April 21st 2015 and July 27th 2015. The only commonality between all the reports was that the incidents occurred at Hilton properties, which reportedly included “flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts.” Reuters explains that the hacks affected gift shops and restaurants at the hotels.
In a statement to Krebs, a Hilton spokesperson explained that:
“We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”
Now might be a good time to point out that hotels aren’t known to be the most digitally secure of places: a recent report pointed out that almost all of the world’s top hotel chains use easily hackable hardware. For now, it remains unclear how the this year’s Hilton hack may have gone down, or what scale it occurred on. Presumably Hilton’s investigation will unearth the details.
While the Hilton chain plans to make some fairly radical technological measures in some places — like making room keys obsolete — the news suggests it could, perhaps, do with sweating the simple things, too.
Image by Rogier Mulder under Creative Commons licence.