Expert issues warning about malware on point-of-sale devices

Hilton Worldwide this week finally confirmed that the data breach that occurred in either late 2014 or mid-2015 was due to malware that had been planted on its POS devices.

There had been speculation that POS devices in Hilton’s gift shops and restaurants were infected.

This week, Hilton confirmed the breach in a statement, saying that it has “identified and taken action to eradicate unauthorized malware that targeted payment card information in some point-of-sale systems. Hilton immediately launched an investigation and has further strengthened its systems.”

Retailers, hotels and companies in the leisure and hospitality industries that process payment data are known to be lucrative targets for cyber criminals, likely because of the amount of cash being spent.

The company revealed that the stolen information includes cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers (PINs).

The importance of continuous monitoring

Tripwire CTO Dwayne Melancon warned leisure companies to be more cautious during the holiday season: “If they haven’t done so already, hotel chains should assess their networks to isolate their POS devices as much as possible from non-payment portions of their networks,” he said. “Additionally, it is vital that any business who relies on point-of-sale technology use a security system that can continuously monitor their systems to understand what a normal configuration looks like, so any suspicious changes to the point-of-sale system can be detected immediately and dealt with before a loss occurs.”

The hotel group has urged its customers to review and monitor their payment card statements if they used a payment card at a Hilton Worldwide hotel “over a seventeen-week period, from November 18 to December 5, 2014 or April 21 to July 27, 2015”.

Find out how to improve your POS security today by contacting IT Governance on 0845 070 1750.
