Retailers, hotels and restaurants have all been victimized through the same Achilles' heel that cybercriminals continue to attack: the point-of-sale system, where customers' payment data is routinely processed. These digital cash registers are often the target of malware designed to steal credit card numbers in the thousands or even millions. This year, fast food vendor Wendy's, clothing retailer Eddie Bauer and Kimpton Hotels have all reported data breaches stemming from such attacks. Security experts, however, are encouraging a variety of approaches to keep businesses secure from point-of-sale-related intrusions. Point-of-sale malware can strike in a number ways.
HEI Hotels & Resorts has reported a possible compromise of payment card information at its point-of-sale terminals, the latest in a string of attacks on such systems at hotels, hospitals and retailers. The company, which manages close to 60 Starwood, Hilton, Marriott, Hyatt and InterContinental properties, said it appears that malicious software was installed on the payment processing systems at certain properties, with the aim of harvesting the card data as it was routed through the systems. The compromise may have possibly affected the personal information of some hotel customers who made payment card purchases at point-of-sale terminals, such as food and beverage outlets, at certain HEI managed properties. HEI in Norwalk, Connecticut, did not specify how many people were likely to have been affected. The data compromised may have included payment card data, including name, payment card account number, card expiration date, and verification code, it said.
Clothing retailer Eddie Bauer has informed customers that point-of-sale systems at its stores were hit by malware, enabling the theft of payment card information. All the retailer's stores in the U.S. and Canada, numbering about 350, were affected, a company spokesman disclosed Thursday. He added that the retailer is not disclosing the number of customers affected. The card information harvested included cardholder name, payment card number, security code and expiration date. The retailer said that information of payment cards used at its stores on various dates between Jan. 2 and July 17, 2016 may have been accessed, but added that not all cardholder transactions were affected.
Omni Hotels & Resorts has reported that point-of-sale systems at some of its properties were hit by malware targeting payment card information. The attack on the systems of the luxury hotel chain follows similar breaches of point-of-sale systems at various hotels and retailers like Hyatt Hotels, Target, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings. Omni in Dallas, Texas, said in a statement Friday that on May 30 this year, it discovered it was hit by malware attacks on its network, affecting specific POS systems on-site at some of its properties. "The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date," Omni said. There isn't evidence that other customer information, such as contact information, Social Security numbers or PINs, was compromised, it added.