The hotel operator HEI Hotels & Resorts, which operates approximately 60 hotels and resorts under a variety of brands, was notified by its credit card processor of a potential breach and started an internal investigation. The investigators found malware put into place on the payment processing systems in at least 20 of its properties, four of them in Florida.
Data from customers, including names, payment card account numbers, card expiration dates and verification codes, may have been collected between December 2015 and June 2016.
An undisclosed number of customers who used credit cards at Hyatt, Marriott, Sheraton, Westin and other hotels in Florida, as well as nine other states and the District of Columbia, may have had their cards compromised because of hack of the hotels’ payment system.
The hack reportedly affected cards used at point of sale terminals, including those at the hotels’ restaurants and stores from early December through late June, said officials from the Norwalk, Connecticut Company.
According to HEI Hotels & Resorts, systems at a few of the hotels may have been infected with the malware and data collection started as early as March 2015.
The affected Florida hotels are the Royal Palm South Beach Miami, Boca Raton Marriott at Boca Center, Intercontinental Tampa Bay and Westin Fort Lauderdale. If you visited these hotels between December and June, check your credit card statements.