Hotel sector faces ‘cyber crime wave’ Malcolm Moore in London and Hannah Kuchler San Francisco
The hotel industry is the next big target for cyber criminals, experts have warned, after Hilton became the fourth major hotel group to have customers’ credit card details hacked. Hilton Hotels, Starwood Hotels & Resorts, Mandarin Oriental and the Trump Collection have all admitted that their payments systems were compromised this year as hackers hunting for credit card details switch their attention to the leisure industry. This week Hilton and Starwood said guests’ personal details had been taken after hackers gained access via payment systems. Hilton said customer data had been accessed over 17 weeks, from November 18 to December 5, 2014 or April 21 to July 27, 2015. “The reality is the sector as a whole is dealing with a cyber crime wave,” said Tom Kellermann, chief cyber security officer at Trend Micro, which sells security software. “Customers should be very concerned because in general the industry has insufficiently invested in cyber security.” Hackers managed to plant viruses into the hotel companies’ point-of-sale systems, and some of the data stolen may not have been encrypted, according to Mr Kellermann. Trend Micro identified one virus, called MalumPoS, which targets Oracle’s Micros platform, a system used at more than 330,000 sites throughout the hotel and leisure industry by companies including InterContinental Hotels, Travelodge, Hyatt, Wyndham, and Accor.
“This type of virus can compromise 95 per cent of the POS systems on the planet,” said Mr Kellermann. The virus disguises itself as a legitimate program and then scrapes through systems to hunt for credit card details. Hilton, Starwood and Oracle declined to comment. The widespread use of the same strain of malware suggests that the attacks may have been carried out by organised criminals, who then either sell databases of customer credit card details on to fraudsters or conduct the fraud themselves.
Credit card details sometimes are not used for months after they have been stolen or even until after the free credit monitoring often offered by companies expires to lull victims into a false sense of security. Hackers have turned their attention to hotels after retailers began improving their security following a series of high-profile attacks on US chains in late 2013 and 2014, including breaches at Target and Home Depot. Justin Harvey, chief security officer at Fidelis Cybersecurity, a US threat detection company, said customers would be worried because enough details may have been stolen to complete a purchase — and potentially in two separate incidents.
Datafeed and UK data supplied by NBTrader and Digital Look.
While London South East do their best to maintain the high quality of the information displayed on this site,
we cannot be held responsible for any loss due to incorrect information found here. All information is provided free of charge, 'as-is', and you use it at your own risk.
The contents of all 'Chat' messages should not be construed as advice and represent the opinions of the authors, not those of London South East Limited, or its affiliates.
London South East does not authorise or approve this content, and reserves the right to remove items at its discretion.