The Hilton Group may have been subject to a fraud attack, with compromised credit cards being used at its shops and gift stores.
Security expert Brian Krebs discovered that a number of credit cards listed on a Visa fraud watch list has been used at the hotel group's outlets, although it seems they weren't linked in any way to the company's guest reservation system.
Although Visa didn't specifically name the Hilton Group as one of the places the stolen credit card details were used, it was detailed in information released by five of the banks involved in the action.
Hilton responded to Krebs' claims, saying it had invested heavily in fraud alert systems, but fraudulent credit card activity was commonplace in today's marketplace.
"Hilton Worldwide is strongly committed to protecting our customers' credit card information," the company said.
"We take any potential issue very seriously, and we are looking into this matter," the group added in a statement.
Specifically, Krebs revealed the credit card details had been used at numerous Hilton properties including Embassy Suites, Doubletree, Hampton Inn and Suites, Waldorf Astoria Hotels & Resorts.
"Sources say the fraud seems to stem from compromised point-of-sale devices inside of franchised restaurants, coffee bars and gift shops within Hilton properties," Krebs said.
Visa sent out confidential alerts to financial institutions saying its customers' details were being used to launch fraud attacks on many bricks-and-mortar outlets, within a time period of around three months, from 21 April 2015 up until 27 July 2015.
"The alerts to each bank included card numbers that were suspected of being compromised, but per Visa policy those notifications did not name the breached entity," Krebs said.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
