NEW YORK - A data breach at 20 U.S. hotels operated by HEI Hotels & Resorts for Starwood, Marriott, Hyatt and Intercontinental may have divulged payment card data from tens of thousands of food, drink and other transactions, HEI said on Sunday.
The breach follows similar attacks at Hyatt Hotels Corp and Starwood Hotels & Resorts Worldwide Inc in recent months.
Norwalk, Connecticut-based HEI, which is privately held, said malware designed to collect card data was found on HEI's systems.
The malware was discovered in early to mid-June on payment systems used at restaurants, bars, spas, lobby shops and other facilities at the properties, Chris Daly, a spokesman for HEI, said in emails and phone calls.
The number of customers affected is difficult to calculate because they might have used their cards multiple times, Daly said. About 8,000 transactions occurred during the affected period at the Hyatt Centric Santa Barbara hotel in California, and about 12,800 at the IHG Intercontinental in Tampa, Florida, Daly said.