Hotel Data Breach: Credit and Debit Card Data Stolen From 20 Hotels


The criminals appear to have taken names, payment card account numbers, card expiration dates and verification codes.
Credit card data was stolen from 20 U.S. hotels, including five here in California, leaving consumers vulnerable to fraudulent charges or identity theft.

The hotels are owned and operated by HEI Hotels and Resorts. They include Marriott, Hyatt, Westin, Sheraton and other major brands. The hotels in California are:

Le Meridien San Francisco
Renaissance San Diego Downtown Hotel
San Diego Marriott La Jolla
The Westin Pasadena
Hyatt Centric Santa Barbara
See the full list of 20 hotels where the data breach occurred along with the impacted dates.

HEI reports that the breach happened at point-of-sale terminals that were infected with malware. The company doesn’t store the credit and debit information from those terminals, so potential victims will not be notified by HEI.
Instead, “we recommend that you carefully check credit reports for accounts or inquiries you do not recognize,” the company said in a statement. “If you see anything you do not understand, call the credit agency immediately. If you find any suspicious activity on the credit reports, call your local police or sheriff’s office, and file a police report for identity theft and get a copy of it. You may need to give copies of the police report to creditors to clear up credit records.”

Checking credit card and bank statements is not enough. Check your credit report to make sure that the thieves have not opened new credit cards in your name.