While still unconfirmed, multiple independent sources have found data suggesting that the Hilton Hotel chain has suffered a massive theft of customer data from a large number of locations. Banks have sent out alerts since August about the theft, which has been tied to a point of sale intrusion at hotel front desks and gift shops at the hotel and resort chain.
Krebs on Security claims that five banks have confirmed that a notification sent in August to card holders is related to a Hilton breach. Customers weren't notified of location of the breach, in defiance of a banking law on required notifications. Also said to be compromised, besides just Hilton resorts, were Doubletree locations, Embassy Suites, Hampton Inn and Suites, as well as the luxury Waldorf Astoria Hotels and Resorts, all owned by Hilton.
In a statement made after being queried about the breach, the company said that "Hilton Worldwide is strongly committed to protecting our customers' credit card information. We have many systems in place, and work with some of the top experts in the field to address data security. Unfortunately, the possibility of fraudulent credit card activity is all too common for every company in today's marketplace. We take any potential issue very seriously, and we are looking into this matter."
Krebs has also been told that while the warnings send to customers are for questionable account activity between April 21 and July 27 of this year, the breach dates back to November 2014, and is likely still ongoing. Unknown is the number of customers affected by the intrusion.