Security & Fraud

Kimpton Hotels Caught In Data Breach

Another one bites the dust, as they say.

Kimpton — the operator of a chain of boutique hotels nationwide — has been the latest operator hit by data breach via implanted malware.

As of yesterday (Aug 31), Kimpton reported that it had discovered malware on servers that processed payment cards used at some of its hotels and restaurants. Said malware did exactly what one might have expected it would to — grabbed up all relevant card information such as card numbers, cardholder names, expiration dates and internal verification codes.

Kimpton discovered that it had been breached after being informed in July of unauthorized charges at least one customer suffered after leaving a Kimpton property. So far as the chain can tell, cards used at the front desk of certain Kimpton restaurants between February 16 and July 7 are most likely to have been affected. The chain at least has the dull comfort of knowing it is not alone in its recent issues. Hotel operator HEI Hotels and Resorts discovered similar malware earlier this month.

The chain has published a list of properties where customers’ cards may be affected, along with specific at-risk time frames. Kimpton has also stated it will contact customers whose data may have been exposed in the breach.


Featured PYMNTS Study:

More than 63 percent of merchant service providers (MSPs) want to overhaul their core payment processing systems so they can up their value-added services (VAS) game. It’s tough, though, since many of these systems date back to the pre-digital era. In the January 2020 Optimizing Merchant Services Playbook, PYMNTS unpacks what 200 MSPs say is key to delivering the VAS agenda that is critical to their success.

Click to comment