The Millenium Hotels & Resorts North America and the Noble House Hotels and Resorts group fell victim to POS malware attacks.
The POS Malware Continue to Disrupt Businesses Worldwide
The Millennium Hotels & Resorts North America company located in Denver reported a POS malware attack that has lasted for more than three months had breached payment card information. The exploit was done by using food and beverage payment systems at all hotels, totaling 14 locations in the United States. Also, a resort in Kirkland, Wash, warned that one of its properties had an active infection with malware for two months.
In all cases, the malicious users have probably compromised the payment information of the customers – cardholder names, payment card numbers, expiration dates and security (CVV) numbers.
The company stated that it had been alerted to the breach by a “third-party service provider”. The hotel property management software and the booking systems are separated from the food and beverage POS systems that were hacked, so there would be no damage incurred to them. The hotel chain runs their services in isolated networks to prevent intrusions into the critical infrastructure.
Their staff has changed all access passwords for the affected systems after notification of the breach. Reports indicate that the intrusion affects less than 5000 payment cards.
The other breach happened at the Noble House Hotels and Resorts chain. It’s Ocean Key Resort & Spa in Key West was infected by POS malware as well during April 26 to June 8. The issued security notification alerts that anyone using a payment card during the period could be affected.
The company will reimburse all fraud charges that are reported by customers.
Both attacks follow a series of sophisticated attack campaigns targeted against big corporations.