
Hilton Settles Data Breach Suit for $700,000

The attorney general of New York announced a settlement with Hilton over the exposure of hundreds of thousands of credit card details, CNBC reported. The hospitality chain has agreed to pay a $700,000 settlement.

Hilton brands include Conrad, DoubleTree, Embassy Suites and the Waldorf Astoria, Reuters reported.

Eric Schneiderman, New York attorney general, said that the settlement comes after the exposure of more than 350,000 credit cards following a series of security breaches in 2014 and 2015.

Schneiderman said that a data breach occurred in late 2014, when a Hilton system in the United Kingdom began communicating with an outside computer. The next breach occurred in the spring and summer of 2015.

A probe conducted in cooperation with the Vermont attorney general indicated that Hilton failed to provide consumers with timely notice of the breaches and did not provide a reasonable level of security. Schneiderman said that Hilton did not disclose the breaches until Nov. 24, 2015, per the Reuters report.

New York will receive $400,000 from the settlement, while Vermont will receive the remaining $300,000.

Beyond the $700,000 figure, the settlement requires that Hilton provide those affected by a breach with immediate notice, maintain a comprehensive information security program and conduct routine data security assessments.

“Two years ago, Hilton took action to eradicate unauthorized malware that targeted guest payment card information,” Hilton said in a statement. “Hilton is strongly committed to protecting our customers’ payment card information and maintaining the integrity of our systems.”

Hilton’s 2015 move to improve online security resulted in unauthorized users gaining access to accounts of the hotel chain’s loyalty program clients. The security hole, since closed, allowed users to cash out loyalty points in the form of gift cards.

