Add Kimpton to String of Hotel Data Breaches Posted by AVCU on 11:05 AM

Another point of-sale malware attack was announced this week by Kimpton Hotels & Restaurants, a boutique hotel and restaurant chain with 62 properties in about 30 U.S. cities, including one in Manchester Village, Vermont. Payment card data and names may have been compromised via a POS malware infection that lasted nearly five months. Kimpton says that malware infected every one of the hotel's properties, potentially compromising cards used at front desks and many of the hotel's restaurants at various points between 2/16/16 and 7/7/16.

The chain's investigation revealed that malware was installed on servers processing payment cards used at the restaurants and front desks of some hotels, which searched for track data from the magnetic stripe of a payment card as it was being routed through the affected server. Compromised information included card numbers, expiration dates, card verification values and potentially cardholders' names.

The list of affected locations is posted on the chain's website.

Kimpton is owned by the InterContinental Hotels Group. It's announcement comes three weeks after hotel management firm HEI reported a POS malware breach affecting 20 U.S. hotels that it manages. Reports are that the two incidents are potentially related since the breached hotels managed by HEI include properties it manages for InterContinental Hotels Group, as well as Hilton, Hyatt, Marriott and Starwood.

Security and digital forensics firm, Hold Security, recently reported that 10 POS vendors had been compromised, including Cin7, ECRS, NavyZebra, PAR Technology and Uniwell. Attacks on those POS vendors date from mid-July. Holden reports that anywhere from 14 GB to 16 GB of data was acquired by hackers from most of the 10 identified POS providers.

Read more details in the original CU InfoSecurity article.