Hotel guests in at least 10 U.S. states and Washington DC have had their credit card information compromised due to a breach in the payment system security firewall, according to a report by Associated Press, and broadcast by ABC News.
Malware was found on the payment processing systems of more than a dozen properties belonging to HEI Hotels & Resorts, based in Norwalk, Connecticut.
Among the locations affected were 12 hotels in the Starwood network, six Marriott hotels and one Hyatt hotel.
The company, which operates nearly 60 hotels and resorts under a variety of brand names, was notified by its credit card processor that a potential breach had taken place between December 2015 and June 2016, although malware may infected systems at a few locations as early as March 2015.
According to the report, the hack affected cards used at point of sale terminals, such as the restaurants and stores within the hotels.
HEI said in its notice to consumers that as soon as the breach was made known the firm separated its payment card processing from the rest of its network, and now uses a stand-alone system. The malware was disabled and programmers are working to tighten security of the network and payment system.
The company added it’s continuing to cooperate with law enforcement officials in the investigation, and said the breach has been contained.