MCLEAN, Va.–Hilton Worldwide has now acknowledged that it suffered a data breach during 2014 and 2015.
It declined to say how many of its hotels, customers or payment cards were involved. Instead, Hilton, which had earlier denied that any breach had occurred, now says the breach was the result of "unauthorized malware that targeted payment card information in some point-of-sale systems.” The information, released on Nov. 24 in a press released, said the POS malware successfully stole cardholders' names, plus payment card numbers, security codes and expiration dates, but that no addresses or personal identification numbers for cards were stolen.
The breach was first reported by security blogger Brian Krebs in late September.
Several card issuers have also confirmed they have started to see significant fraud related to the Hilton breach.
Nearly all of the Hilton brands were affected.