« Disaster Recovery

Third-party services hacked at Hilton Hotels

Data breach occurs at Hilton's nationwide.
Data breach occurs at Hilton's nationwide.

Industry sources indicate that the Hilton Hotels suffered a data breach recently that could extend as far back as April of this year.

Cyber security guru Brian Krebs at Krebs on Security, who has a long track record of breaking news on major data breaches, reported that multiple banking industry sources traced recent credit card fraud patterns back to Hilton Hotel properties across the United States. They suggest that hackers compromised point of sale hardware at the hotel giant's various on site gift shops and restaurants.

Hilton is reportedly investigating the claims.

Krebs explained that indications began appearing last month when Visa sent alerts to various financial institutions for breaches occurring between April 21 and June 27 of this year. Visa suggested that credit card numbers were compromised but, according to their own internal policies, did not disclose the source of the breach.

Shortly thereafter, five separate banks claim to have found the commonality between all of the hacks: they all occurred at Hilton properties. This includes not only Hilton branded locations, but subsidiaries Embassy Suites, Doubletree, Hampton Inn and Suites and the Waldorf Astoria Hotels and Resorts.

"Hilton Worldwide is strongly committed to protecting our customers' credit card information," Hilton said in a statement after the report became public. "We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today's marketplace.  We take any potential issue very seriously, and we are looking into this matter."

As part of a common trend in these specific types of breaches, hackers completely ignored the hotel's booking system and targeted third party amenities, like restaurants and gift shops.

Companies that have yet to develop their own disaster recovery strategy can partner with a business continuity consultant with extensive experience handling these issues.