Customers at twenty hotel properties owned by HEI Hotels and Resorts, including Starwood and Hyatt, may have had their credit card information stolen and leaked in a cyber attack earlier this summer. Targeting the hotels’ POS (Point of Sale) systems, hackers have potentially purloined guests’ card details while they were making payments. HEI has reassured its patrons that the incident has now been contained.
POS systems are particularly attractive to hackers as they generally experience heavy traffic and handle attractive financial data – and it takes time for irregularities to be noticed. The usual suspects are responsible for their vulnerability – outdated software, weak passwords and incorrect configurations make it easy to inject malware.