Add Starwood – owner of the Sheraton, Westin, W hotel chains – to the ranks of resorts infiltrated by credit card-stealing malware.
The luxury hotel chain said on Friday that 54 of its North American locations had been infected with a software nasty that harvested banking card information from payment terminals and cash registers.
Starwood said the 54 compromised hotels [PDF] were scattered throughout the US and Canada, and were infected from as early as November of 2014 to June 30 of this year. Malware was found in payment systems in gift shops, restaurants, and sales registers.
Data stolen by the software could include customer names, credit card numbers, card security codes, and expiration dates. Starwood said that customer addresses, reservation data, and reward card information were not exposed in the breach.
When will the business community take security seriously? My experience working with businesses is that few do. Small businesses are the worse, but you never hear about that. Yet their data, including customer data, is being hoovered up faster than you can imagine. That said, mid and large enterprises are not much better. Attacks are one every few seconds on average on a typical firewall that we manage.