Hilton Group falls foul of credit fraud
Compromised credit cards have apparently been used at many of the hotel group's outlets
The Hilton Group may have been subject to a fraud attack, with compromised credit cards being used at its shops and gift stores.
Security expert Brian Krebs discovered that a number of credit cards listed on a Visa fraud watch list has been used at the hotel group's outlets, although it seems they weren't linked in any way to the company's guest reservation system.
Although Visa didn't specifically name the Hilton Group as one of the places the stolen credit card details were used, it was detailed in information released by five of the banks involved in the action.
Hilton responded to Krebs' claims, saying it had invested heavily in fraud alert systems, but fraudulent credit card activity was commonplace in today's marketplace.
"Hilton Worldwide is strongly committed to protecting our customers' credit card information," the company said.
"We take any potential issue very seriously, and we are looking into this matter," the group added in a statement.
Specifically, Krebs revealed the credit card details had been used at numerous Hilton properties including Embassy Suites, Doubletree, Hampton Inn and Suites, Waldorf Astoria Hotels & Resorts.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"Sources say the fraud seems to stem from compromised point-of-sale devices inside of franchised restaurants, coffee bars and gift shops within Hilton properties," Krebs said.
Visa sent out confidential alerts to financial institutions saying its customers' details were being used to launch fraud attacks on many bricks-and-mortar outlets, within a time period of around three months, from 21 April 2015 up until 27 July 2015.
"The alerts to each bank included card numbers that were suspected of being compromised, but per Visa policy those notifications did not name the breached entity," Krebs said.
Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.