Starwood Hotels & Resorts Worldwide disclosed on Friday that malware designed to help cyber thieves steal credit and debit card data was found on point-of-sale systems at some of its hotels. This announcement makes Starwood the latest in a recent string of hotel chains to acknowledge credit card breach investigations, and comes only days after the company announced its acquisition by Marriott International. Starwood published a list of more than 50 of its hotel properties that were impacted by the breach.
Commenting on this, Ryan Wilk, director at NuData Security, said:
“When we set out on vacation, we like to think we’re getting away from it all and our only worry should be making flight connections. But hackers don’t take vacations, and they are just as excited about your vacation as you are. Why? Because while you’re enjoying yourself, they will be too when they skim your credit cards while you’re there.
On Friday, Starwood Hotels & Resorts disclosed that malware designed to help cyber thieves steal credit and debit card data was found on point-of-sale systems at some of its hotels. This credit card breach announcement is just one of a spate of similar hacks that have occurred over the last year or so targeting hotels.
While we can’t know for sure what hackers long-term plans are, it does seem credible that they are targeting specific industries that likely have the same exploits in order to maximise their efforts before moving on to the next industry. Once they get the card numbers, hackers then sell them on the Dark Web, use them directly in credit card cycling scams, or tie them to other data leaks to create full personas ripe for identity theft or fraudulent account creation, likely contributing to the overall increase in account takeovers we’ve seen, over 100% increase since February 2015.
If the information is out there, it’s only a matter of time before it’s tested and used. Instead of waiting for that shoe to drop, or bemoan how frequent these thefts are as if it’s simply the unavoidable cost of doing business in the digital age, it’s time to up our collective game. Behavioural analytics, using passive behaviour detection that doesn’t rely on personally identifying information, protects customers transactions and companies from fraud with the same surety of knowing you locked the front door before you left on holiday.”