McLean, Virginia – 1 November 2017 –
Hilton Worldwide agreed to pay US$700,000 and bolster security to resolve probes into two data breaches that exposed more than 363,000 credit card numbers, the attorneys general of New York and Vermont announced.
The settlement resolves claims that the hotel chain lacked reasonable data security and was too slow to tell consumers about the intrusions, waiting 9-1/2 months after learning of the first and more than three months after learning of the second, Reuters reported.
New York Attorney General Eric Schneiderman said a breach occurred in late 2014 when a Hilton system in the UK began communicating with a suspicious outside computer, while another occurred in the spring and summer of 2015.
The company did not tell consumers about the breaches until November 24, 2015.
The settlement requires Hilton to disclose breaches faster, improve monitoring for potential threats, and adhere to data security standards used in the card industry.
“Two years ago, Hilton took action to eradicate unauthorized malware that targeted guest payment card information,” Hilton said in a statement.
“Hilton is strongly committed to protecting our customers’ payment card information and maintaining the integrity of our systems.”