Hilton Hotels fined for data breaches

Getty Images

The company behind the Hilton Hotel is the payment of a $ 700,000 (£525,000) fine after being accused of improper use of two separate the credit card data breaches.

The attacks have been in 2014 and 2015.

More than 363,000 accounts were put at risk, even if it is not yet clear if the authors were able to extract all the details.

US government investigators said the company had taken too long to warn customers and lacked adequate safety measures.

The penalty will be divided between the states of New York and Vermont. The attorney general accepted the agreement with the company, which operates properties under the Waldorf Astoria, the Conrad Hotel and DoubleTree brands, in addition to Hilton.
Malware Alerts

The first of the two cases was discovered in February 2015, when Hilton learned that one of its UK-based communications systems with a suspicion of computers outside of its network.

Checks revealed that the credit card-targeting malware has infected the cash register computer, potentially exposing the customer to your credit card between 18 November and 5 December 2014.

In the second incident, an intrusion detection system alerted Hilton to another problem: in the month of July 2015. A subsequent probe revealed that payment card data was again targeted by malware in the month of April of the same year.

Hilton just notified the public about the violations in the month of November 2015, that has been more than nine months after the first discovery and more than three months after the second.

From this point of view, there had already been media reports that several banks suspected the card details had been stolen from payment systems used in Hilton souvenir shops and restaurants.

Even if the Virginia-based company is still found no evidence that data had been stolen in both cases, the attorney general noted that the intruders had used anti-forensic tools that had made it impossible to determine exactly what had been done.

As part of the transaction, the company has promised to reveal future violations more quickly and to perform regular security testing, among other advanced security measures.

“Hilton is committed to the protection of our customers, payment card information and maintaining the integrity of our systems,” the company said in a statement.