Starwood Hotels and Resorts has become the latest hotel group to be hacked.
Customer payment information including cardholder names, payment card number, security codes and expiration dates is affected.
A total of 54 hotels and resorts across the Americas have been hit by malware, for periods ranging from one day to several months between November 2014 and Octobter 2015.
These include brands such as Sheraton, St Regis, W Hotels and Westin Hotels, in locations ranging from Seattle and Los Angeles to Florida and New York.
For a full list of properties affected, and the dates involved, click here.
In a statement, Starwood said “Promptly after discovering the issue, [it] engaged third-party forensic experts to conduct an extensive investigation”.
As a result of this investigation, it “discovered that the point of sale systems at certain Starwood hotels were infected with malware, enabling unauthorised parties to access payment card data of some of our customers…
“The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date. There is no evidence that other customer information, such as contact information, social security numbers or PINs, were affected by this issue.”
The company said it is alerting affected customers about the incident “so they can take steps to help protect their information… the malware no longer presents a threat to customers using payment cards at our hotels”.
It has set up a helpline number – 1-855-270-9179 (US and Canada) or 1-512-201-2201 (international), Monday to Saturday, 0800 to 2200 CST.