Hilton guests warned to check credit card statements after hack

Hilton said the unauthorised malware targeted payment card information at Hilton Worldwide hotels. Photo / Getty Images

Guests of Hilton hotels in New Zealand have been urged to check their credit card statements after the global hotel chain was twice targeted by hackers.

Hilton has confirmed that hackers stole guests' credit card payment information at some of its point-of-sale hotel systems.

It has warned anyone who used credit cards at Hilton Worldwide hotels between November 18 and December 5 last year or April 21 and July 27 this year to watch for irregular activity in their accounts.

Asked specifically if guests staying at Hilton's New Zealand hotels - in Auckland, Taupo and Queenstown - were affected, a spokeswoman replied: "Payment systems were impacted across our global portfolio during the date range and consumers should be vigilant to check their statements if they stayed at one of our properties."

Computer forensic investigator and security expert Daniel Ayers said it was "highly likely" that Kiwi customers have been caught up in the cyber attack."[Hacking] is happening more and more these days. And the fact it keeps happening is of more concern than any one incident," he said. "If they have had a breach like this, you would have to conclude [Hilton] have had some problems with their cyber security."

He reiterated Hilton's call for customers to check their statements.

Customers also face the inconvenience of potentially cancelling and replacing credit cards, while such incidents can result in increased insurance and bank charges, Mr Ayers said.

In a global press release, the hotel chain said it has worked with third-party forensics experts, law enforcement and payment card companies to conduct a thorough investigation.

The company's investigation has found the payment card information may have included cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers (PINs).

"You have my personal assurance that we take this matter very seriously, and we immediately launched an investigation and further strengthened our systems," said Hilton global brands executive vice president Jim Holthouser.

"However, as a precautionary measure, some of you may wish to review payment card statements during certain time periods."

Hilton said the unauthorised malware targeted payment card information at Hilton Worldwide hotels.

The Hilton portfolio includes Hilton Hotels & Resorts, Waldorf Astoria Hotels & Resorts, Conrad Hotels & Resorts, Canopy by Hilton, Curio - A Collection by Hilton, DoubleTree by Hilton, Embassy Suites by Hilton, Hilton Garden Inn, Hampton by Hilton, Homewood Suites by Hilton, Home2 Suites by Hilton and Hilton Grand Vacations.