Another Possible Security Breach of Information With Hilton — This Time, With Credit Cards

nother possible security breach of information may have occurred as far back as November of 2014 with Hilton, as multiple sources in the banking industry claim to have traced a pattern of credit card fraud which suggests that point-of-sale registers in gift shops and restaurants at a large number of Hilton hotel properties — both corporate owned and owned by franchisees — across the United States have been compromised, according to this article written by Brian Krebs of Krebs on Security and recently reported in this article by Kathy Kass of Will Run For Miles, which is where I first found out about this story.

The claims are reportedly currently under investigation by employees of Hilton Worldwide, which suffered from a massive data breach when the accounts of members were sold for cents on the dollar by thieves, as I first reported in this article back on Friday, October 31, 2014.

To combat that attack, a CAPTCHA — which is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart — program was added to the area where you log into your Hilton HHonors frequent guest loyalty program account; and then 1,000 Hilton HHonors points was to be added to your account if you changed the personal identification number to access you account to a more secure password by Friday, April 10, 2015.

Come to think of it, I just checked my Hilton HHonors frequent guest loyalty program account — which, thankfully, appears to be intact — and I have never received those 1,000 Hilton HHonors points. Have you received them?

The brands of hotel properties at which the security breaches of information reportedly occurred include Hilton, DoubleTree, Hampton Inn and Suites, Embassy Suites, and even Waldorf Astoria Hotels & Resorts.

In the meantime, FlyerTalk members are currently discussing this news. FlyerTalk member hfly reported that “In the last 24 hours Two of my banks have gotten in touch with me to inform me that my cards are blocked and they are sending me new ones due to the data breach and that this goes back as far as January, and effects many Hiltons outside of the United States as well, and not just sundries as at one hotel there were none, furthermore I should mention that one is a chip card. I think that by Monday or Tuesday this is going to be a major story/issue.”

Summary and Advice

As this story continues to develop — and I intend to post updates here at The Gate — there is some advice which I believe will help to protect your credit card: because the fraudulent activity appears to be occurring at point-of-sale registers in gift shops and restaurants and not at the front desk, choose instead to bill them to your room account to be paid when you check out — if you are indeed staying as a guest of the hotel property, of course. In addition to avoiding the point-of-sale registers and keeping your credit cards more secure, you will also have a documented record of your purchases; your entire bill will be consolidated; and you might even earn additional Hilton HHonors points from those purchases, depending on what you purchased.

Photograph ©2015 by Brian Cohen.

2 thoughts on “Another Possible Security Breach of Information With Hilton — This Time, With Credit Cards”

  1. Carl P says:

    I did get the 1,000 on April 3, 2015. It was labeled PASSWORD UPDATE 1K POINTS OFFER.

    No problem with credit cards, but I don’t recall the last time I used the Hilton gift shop or restaurant (except room service).

    1. Brian Cohen says:

      I used a gift shop at a Hilton hotel in Egypt earlier this year, Carl P — but other than that, I typically avoid gift shops in hotels in general; and if I use the restaurant, I request that they bill my room rather than me pay on the spot.

      Thank you for the information pertaining to the 1,000 Hilton HHonors points. That label is definitely not in my account statement; so it looks like contacting someone at Hilton HHonors is in order…

Leave a Reply

Your email address will not be published. Required fields are marked *