CCR Magazine

You are here  :Home arrow News arrow Hilton Hotels admits hackers planted malware and stole customer card details
Contact Us Newsletter Signup RSS Feeds

Latest News Headlines


Commercial Credit News


Hilton Hotels admits hackers planted malware and stole customer card details PDF Print E-mail
Wednesday, 25 November 2015

Last night, Hilton Worldwide issued a statement confirming that malware had found its way onto point-of-sale systems and stole payment card information.

That stolen information includes cardholder names, payment card numbers, security codes and expiry dates. However, addresses and PINs have not been exposed. Hilton isn’t currently sharing any information about how many or which hotel locations may have been affected by the breach, but is telling customers to review their payment card statements - particularly if they used their cards at a Hilton Worldwide hotel between November 8 - December 5 2015 or April 21 - July 27 2015.

Commenting on this, Ryan Wilk, director at NuData Security, said: “When we set out on vacation, we like to think we’re getting away from it all and our only worry should be making flight connections. But hackers don’t take vacations, and they are just as excited about your vacation as you are. Why? Because while you’re enjoying yourself, they will be too when they skim your credit cards while you’re there.

Last night, Hilton Hotels disclosed that malware designed to help cyber thieves steal credit and debit card data was found on point-of-sale systems at some of its hotels. This credit card breach announcement is just one of a spate of similar hacks that have occurred over the last year or so targeting hotels.

While we can’t know for sure what hackers long-term plans are, it does seem credible that they are targeting specific industries that likely have the same exploits in order to maximise their efforts before moving on to the next industry. Once they get the card numbers, hackers then sell them on the Dark Web, use them directly in credit card cycling scams, or tie them to other data leaks to create full personas ripe for identity theft or fraudulent account creation, likely contributing to the overall increase in account takeovers we’ve seen, over 100% increase since February 2015.

If the information is out there, it’s only a matter of time before it’s tested and used. Instead of waiting for that shoe to drop, or bemoan how frequent these thefts are as if it’s simply the unavoidable cost of doing business in the digital age, it’s time to up our collective game. Behavioural analytics, using passive behaviour detection that doesn’t rely on personally identifying information, protects customers transactions and companies from fraud with the same surety of knowing you locked the front door before you left on holiday.”

latest issue

CCR Cover

The latest edition of CCR Magazine, the leading editorial publication in the UK credit industry, is out.

Read the latest issue online


CCR is the premier magazine for consumer and credit professionals. It provides an independent voice to the industry, breaking major news stories and running in-depth features.

As a magazine, it works with and campaigns on behalf of the credit industry to promote its importance as a centre of potential profit and business development to the wider business world.

Subscribe to CCR Magazine

CCR World Magazine


Providing information and analysis for thousands of senior credit professionals worldwide, every quarter.

Find out more

GTS Media Ltd
81 Cambridge Road

Registered in England No: 05483197