HEI Hotels & Resorts said a data breach at 20 US hotels operated by the firm for Starwood, Marriott, Hyatt and Intercontinental may have exposed payment card data from tens of thousands of food, drink and other transactions.
The Connecticut-based firm said on Sunday that malware designed to collect card data was found on its systems, Reuters reported.
The malware was discovered on payment systems used at restaurants, bars, spas, lobby shops and other facilities at the properties, a company spokesman was quoted as saying.
The malware affected 12 Starwood hotels, six Marriott International Inc properties, one Hyatt hotel and one InterContinental Hotels Group hotel.
The number of customers affected is difficult to calculate because they might have used their cards multiple times, HEI said.
Outside experts investigated the breach and determined that hackers might have stolen customer names, account numbers, payment card expiration dates and verification codes.
HEI said it has informed federal authorities and that it has installed a new payment processing system that is separate from other parts of its computer network.
– Contact us at [email protected]