2 min read

Credit card-stealing malware hits 54 Starwood hotels


November 24, 2015

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Credit card-stealing malware hits 54 Starwood hotels

Hackers have managed to steal the credit and debit card details of customers who made purchases at 54 North American Starwood-run hotels, after infecting point of sale systems with malware.

In a statement, the company warned that payment card information – including cardholder names, payment card numbers, security codes and expiration dates – were taken from customers who shopped at restaurants, gift shops and other point of sales systems at affected Starwood locations.

Affected hotels include ones operating under the Sheraton, Westin and W brand names.

At the time of writing, Starwood Hotels & Resorts says it has not found any evidence that the company’s guest reservation or Starwood Preferred Guest membership systems were compromised by the hackers, but it would obviously not do any harm to be cautious.

So, if you have ever used your credit card at a Starwoods hotel, shop or restaurant, you might be wise to keep an eye on your statements to see if there are any unexpected transactions. If you believe your account may be at risk, then you may be wise to contact your bank or card issuer immediately.

Starwood has produced a list of affected locations, and specific dates during which it believes each site was compromised – some dating back as far as May 2014.


Starwood says it has brought in third-party digital forensic experts to investigate the intrusion, and has taken steps to better secure customers’ payment card information.

Starwood is the latest in a line of hotels and resorts that have recently found their systems compromised by malware – other victims have included Hard Rock’s Las Vegas Hotel & Casino, the Las Vegas Sands casino, Trump Hotels, and FireKeepers Casino and Hotel.

This week it was announced that Marriott International was buying Starwood Hotels to form the biggest hotel chain in the world.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like