Starwood Hotels and Resorts Worldwide Inc. revealed today that some of its payment systems had been hacked, but while some payment details were compromised, it assured customers that the threat has now been eliminated.
The group - which includes many prestigious hotel brands, such as Sheraton, W Hotels, Westin, Le Méridien and Tribute Portfolio, among others - revealed that hackers had infiltrated point-of-sale payment systems at a "limited number" of its North America locations, infecting those systems with malware.
In a statement, the company said today:
"The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date.
Starwood stopped short of revealing any details about the precise strain of malware used to infiltrate those data, and it has not yet said how many payment cards may have been exposed.
However, it appears that additional customer information, beyond those card details, was not compromised:
There is no indication at this time that the Company’s guest reservation or Starwood Preferred Guest membership systems were impacted.
There is no evidence that other customer information, such as contact information or PINs, were affected by this issue.
The company went on to assure customers that "the affected hotels have taken steps to secure customer payment card information and the malware no longer presents a threat to customers using payment cards at Starwood hotels."
Starwood's President for the Americas, Sergio Rivera, said that the company has been "working closely with law enforcement authorities and...coordinating our efforts with the payment card organizations".
The timing of the breach is particularly unfortunate for Starwood, as it announced earlier this week that it has agreed a $12.2 billion acquisition by Marriott International, which will create the world's largest hotel chain.