A hotel in Boca Raton and two others in South Florida are among a number that have been hit by hackers for months, collecting names and card account numbers.
Hyatt, Sheraton, Marriott and Westin hotels in 10 states and the District of Columbia are named in the breach.
According to the hotel operator HEI Hotels & Resorts, malware put into place in at least 20 locations may have collected names, card account numbers, card expiration dates and verification codes.
Data from customers may have been collected from early December, through late June. At some properties, HEI said, data collection may have begun as early as March 2015 at hotel locations where people bought food or drinks.
HEI said in a company release that, "We are treating this matter as a top priority, and took steps to address and contain this incident promptly after it was discovered."
HEI said that once it found out about the problem it transitioned payment card processing to a stand-alone system that's completely separate from the rest of its network. It disabled the malware and is in the process of reconfiguring various components of its network and payment systems to make them more secure.
The company said it's continuing to cooperate with the law enforcement investigation and coordinating with banks and payment card companies.
Anyone who used a card at HEI hotels in the given time frame should review their account statements and look for discrepancies or unusual activity, both over the past several months and going forward, the company said. Customers who notice anything out of place should contact their credit or debit card issuer.
Customers may also visit www.heihotels.com/notice for additional information about the incident.
The company says the breach has been contained and customers can safely use cards at all of its properties.
Florida hotels affected include:
- Boca Raton Marriott at Boca Center - dates affected: 3/1/2015-6/7/2015 and 12/15/2015-4/11/2016
- Royal Palm South Beach Miami - dates affected: 12/23/2015-6/6/2016
- Westin Fort Lauderdale - dates affected: 1/29/2016-4/13/2016
- Intercontinental Tampa Bay - dates affected: 3/21/16-6/15/2016
Hotel operator HEI Hotels & Resorts is reporting that at least 20 properties may have been hit by hackers for months, collecting names and card account numbers. Here's a look at the specific hotels and locations that may have been compromised:
CALIFORNIA:
- Hyatt Centric Santa Barbara
- Le Meridien San Francisco
- Renaissance San Diego Downtown Hotel
- San Diego Marriott La Jolla
- The Westin Pasadena
COLORADO:
- The Westin Snowmass Resort in Snowmass Village
ILLINOIS:
- Hotel Chicago Downtown
MINNESOTA:
- The Hotel Minneapolis Autograph Collection
- The Westin Minneapolis
PENNSYLVANIA:
- The Westin Philadelphia
TENNESSEE:
- Sheraton Music City Hotel in Nashville.
TEXAS:
- Dallas Fort Worth Marriott Hotel & Golf Club.
VERMONT:
- Equinox Resort Golf Resort & Spa in Manchester Village
VIRGINIA:
- Le Meridien Arlington
- Sheraton Pentagon City, Arlington
DISTRICT OF COLUMBIA
- The Westin Washington, D.C. City Center