It's been a few weeks since we've had reports of a major data breach, so we were due for one. And right on schedule comes the news that more than 50 Starwood Hotels and Resorts have been compromised.
If the name isn't familiar, Starwood owns and operates the Sheraton, Westin, Four Points, W Hotels and other high-end chains, along with several standalone resorts like the Phoenician in our backyard of Scottsdale, Arizona. So, how bad is the breach?
According to Starwood, the breach was due to malware-infected POS systems in associated restaurants and gift shops. It claims that guest registration systems weren't compromised, and it has since cleared out the infection.
Still, that leaves customer names, credit card information and other payment information exposed for a number of people; the exact number isn't clear yet. We do know that the breaches at some locations extend as far back as November 2014 and went as late at June 2015.
The hotels range from Hawaii and California to Texas and the East Coast. You can see a full list of the affected properties and how long the breach extended at each one in this PDF.
While this is a serious breach, there could be an even bigger one on the horizon. Banks and card issuers tracking the Starwood breach suspect that one has taken place at Hilton Hotels & Resorts as well.
They're seeing a lot of fraudulent activity linked back to Hilton restaurants and gift shops, along with Hilton properties such as Embassy Suites, Doubletree, Hampton Inn and Suites, and Waldorf Astoria Hotels & Resorts.
Again, this would be a problem with malware-infested POS systems, just like most other major retailer breaches of the past two years. If you swiped your card at a Starwood or Hilton property for the last year, keep a close eye on your bank statements for any unusual activity.
Hopefully, this problem should become a thing of the past once EMV credit cards finally come into effect. Find out why these chip-based cards are safer than swipe cards.