The Hilton hotel chain is to pay $700,000 in a settlement with the states of New York and Vermont after being accused of mishandling credit card breaches in 2014 and 2015. The breach was said to have affected more than 363,000 customer credit cards.
The investigation revealed that crooks installed PoS malware in Hilton payment systems, potentially exposing customers’ card details between 18 November and 5 December 2014.
The second incident was spotted in July and dates back to April of the same year. However, Hilton Domestic Operating Company, Inc didn't notify customers about the incident until November 2015.
The company is accused of poor security of its payment system and is responsible for the delay in informing customers.
“Businesses have a duty to notify consumers in the event of a breach and protect their personal information as securely as possible,” said Attorney General Eric T. Schneiderman.
As part of the settlement, Hilton will strengthen the security of its payment systems and internal procedures for incident handling.
Hilton later released a statement saying: “Hilton is strongly committed to protecting our customers’ payment card information and maintaining the integrity of our systems.”
A Lesson For Organizations To Secure Customers' Personal Information?
This could have happened to any organization. On the heels of the Hilton hotel chain's settlement, let other organizations take this into consideration. If you accept credit cards and personal information from customers to be entered into your company's database, you have a great responsibility not only to protect your organization's system, but also to protect the customers who trust you with their vital information. In cases where less than proper protocol is followed to avoid cyber risks, you are likely setting yourself up for a serious liability.
-Allyson White, CEO