The hotel chain was hit by malware designed to collect payment card information Omni Hotels & Resorts has reported that point-of-sale systems at some of its properties were hit by malware targeting payment card information.The attack on the systems of the luxury hotel chain follows similar breaches of point-of-sale systems at various hotels and retailers like Hyatt Hotels, Target, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings.Omni in Dallas, Texas, said in a statement Friday that on May 30 this year, it discovered it was hit by malware attacks on its network, affecting specific POS systems on-site at some of its properties. “The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date,” Omni said. There isn’t evidence that other customer information, such as contact information, Social Security numbers or PINs, was compromised, it added.The chain did not disclose how many of its 60 properties were affected and the likely number of cardholders that could have been affected. As there is no indication that reservation or select guest membership systems were affected, users were unlikely to be affected unless they physically presented their payment card at a POS system at one of the affected locations. The malware may have been in operation between Dec. 23 last year and June 14 this year, although most of the systems were affected during a shorter timeframe, according to the hotel. The hotel chain, which offers hotels and resorts in the U.S., Canada and Mexico, could not be immediately reached for comment over the weekend for further details.Omni said after discovering the malware attack, it had immediately hired IT investigation and security firms and has now contained the intrusion. It did not specify why it had delayed to inform customers. Hackers have been using information stolen in the breach to make fraudulent purchases since late February, Andrei Barysevich, director of cybercrime research at Flashpoint, which worked with payment card issuers and payment processors to investigate the hack, told the Wall Street Journal. One hacker who went by the moniker JokerStash sold more than 50,000 payment card numbers related to the breach, Barysevich told WSJ.Omni informed customers than even if they had used their cards at any of the affected properties of the hotel, they may not be affected by the issue. However, it advised users to in abundant caution review and monitor their card statements if they used it at an Omni Hotel between Dec. 23 and June 14.Over a dozen types of malware were found last year that target point-of-sale systems, as cybercriminals redouble efforts to steal payment card information from retailers before new defenses are put in place, FireEye said in March. Related content news analysis Water system attacks spark calls for cybersecurity regulation The Iranian CyberAv3ngers group’s simplistic exploitation of Unitronics PLCs highlights the cybersecurity weaknesses in US water utilities, the need to get devices disconnected from the internet, and renewed interest in regulation. By Cynthia Brumfield Dec 11, 2023 11 mins Regulation Cyberattacks Critical Infrastructure feature Accenture takes an industrialized approach to safeguarding its cloud controls Security was once a hindrance for Accenture developers. But since centralizing the company's compliance controls, the process has never been simpler. By Aimee Chanthadavong Dec 11, 2023 8 mins Application Security Cloud Security Compliance news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Vulnerabilities news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe