NORWALK, Conn.–A company that operates 20 hotels across a number of well-known brands has become the latest to report a data breach.
HEI Hotels and Resorts, which operates hotels that include Marriott, Starwood, Sheraton and Westin brands, are all affected by the breach.
"We are pleased to report that the incident has now been contained and individuals can safely use payment cards at our properties," the company said in a statement.
Similar to other breaches, HEI said that "unauthorized individuals" had installed malware on its payment processing systems at these affected properties that was able to capture payment card information at the point of purchase. The systems were run by MICROS, which was acquired by Oracle in 2014.
Reportedly, the malware was first discovered in June and primarily at payment systems used at restaurants, bars, spas and lobby shops at the hotels. It is believed to have been put in place in March.
The company declined to say how many customers are affected, but a spokesperson confirmed that tens of thousands of transactions are involved. The company said customer names, account numbers, payment card expiration dates and verification codes are all likely to have been stolen.
According to HEI, the affected properites include: Starwood’s Westin hotels in Minneapolis; Pasadena, Calif.; Philadelphia; Snowmass, Colo.; Washington, D.C.; and Fort Lauderdale. Also affected were Starwood properties in Arlington, Va.; Manchester Village, Vt.; San Francisco; Miami and Nashville, Tenn..
The Marriott properties affected were in Boca Raton, Fla.; Dallas-Fort Worth, Texas; Chicago; San Diego and Minneapolis.