
Hilton to pay $700,000 settlement for mishandling security breaches; would be $420 million under GDPR

Luana PASCU

November 03, 2017


The Hilton hotel chain, which has more than 4,000 properties in over 90 countries, has to pay a $700,000 settlement to the states of New York and Vermont following two point-of-sale attacks the company didn’t properly handle, writes BBC News.

Although the credit card breaches were identified in 2014 and 2015, and affected over 363,000 payment cards, Hilton Domestic Operating Company, Inc informed customers about them in November 2015, according to investigators. The lax security measures, as well as informing customers so late about the hack of their payment information, gave hackers free rein to make fraudulent purchases.

“Businesses have a duty to notify consumers in the event of a breach and protect their personal information as securely as possible,” said Attorney General Eric T. Schneiderman.

“Lax security practices like those we uncovered at Hilton put New Yorkers’ credit card information and other personal data at serious risk. My office will continue to hold businesses accountable for protecting their customers’ personal information.”

The company officially admitted the breach only after security researcher Brian Krebs wrote on his blog that a number of gift shops and restaurants in the chain may have been hacked.

The first attack took place between November 18 and December 5, 2014, when a hotel computer was infected with malware that communicated with an outside server. Hackers used PoS malware to steal names, payment card numbers, security codes and expiration dates. The second attack was between April 21 and July 27, 2015, and again targeted payment card data.

Besides paying the fine to New York and Vermont in a joint settlement, Hilton will strengthen security and ensure any future breaches are announced as soon as identified.

“Hilton is strongly committed to protecting our customers’ payment card information and maintaining the integrity of our systems,” the company said in a statement.

As of May 2018, when the EU’s GDPR goes into effect, the outcome of such cases will change drastically. If the fine were in line with GDPR legislation, it would be $420 million, as the fine can represent up to 4 percent of the company’s turnover.
