Hilton isn't the first and it probably won't be the last of the big hotel companies which will have to pay fines for these all-too-common data breaches in the future.
Hotel operator Hilton will pay $700,000 to settle an investigation into two separate data breaches that exposed more than 350,000 credit card numbers.
The New York attorney general, who conducted an investigation along with his counterpart in Vermont, said Tuesday that one breach began in November 2014 and another in April 2015 but Hilton didn’t tell consumers until November 2015.
The state officials say Hilton didn’t comply with payment-card security standards.
Hilton spokeswoman Meg Ryan says the company cooperated with law enforcement and took steps to wipe out malware that targeted customers’ card information.
[Skift Editor’s Note: Hilton issued the following statement to Skift regarding the fines: “Two years ago, Hilton took action to eradicate unauthorized malware that targeted guest payment card information. We have completed a thorough investigation into this incident, including working closely with third-party forensics experts, payment card companies and law enforcement, including certain state Attorneys General. Hilton is strongly committed to protecting our customers’ payment card information and maintaining the integrity of our systems.”]
Virginia-based Hilton Domestic Operating Company Inc. was previously known as Hilton Worldwide. The company has more than 5,100 properties in about 100 countries under names including Hilton Hotels, DoubleTree by Hilton, Embassy Suites and Hampton by Hilton.
Subscribe to Skift Pro
Subscribe to Skift Pro to get unlimited access to stories like these ($30/month)Subscribe Now
Photo credit: The lobby of the Hilton Cleveland Downtown hotel. Parent hotel management company Hilton will pay fines of $700,000 for two data breaches that took place at its hotels in 2015. Hilton / Hilton Worldwide