Hilton Hotels appear to be the latest in a long line of companies that have suffered a significant data breach involving credit cards and debit cards.  The hacking appears to have occurred between April 21, 2015 and July 27, 2015 although it may go back as far as November of 2014.  As is most often the case, the hacking was not discovered by Hilton, but rather by a number of credit card issuing banks that picked up a pattern of fraudulent charges that they were able to trace back to gift shops and restaurants at a number of Hilton properties which include not only Hilton Hotels, but Embassy Suites, Doubletree, Hampton Inn and Suites as well as the Waldorf Astoria Hotels and Resorts.  This type of data breach is something about which I wrote for USA Today in a column a year ago in which I explained the pattern for these data breaches and why they occur.  Here is a link to that column, entitled “Coming Soon:  Another Major Retailer Hacked.”  http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/

For its part, Hilton released a statement saying, “Hilton Worldwide is strongly committed to protecting our customers’ credit card information.  We have many systems in place and work with some of the top experts in the field to address data security.  Unfortunately, the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace.  We take any potential issue very seriously and we are looking into this matter.”

The problem continues to be one of weak cybersecurity of many companies coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards about which I wrote in detail in September 23rd’s Scam of the day.  New regulations mandate credit card issuers and retailers to switch over to the new smart EMV chip cards by October 1st or risk increased legal liability, but unfortunately, many companies have not switched over and are not expected to do so by October 1st.  If smart EMV chip cards had been used at Hilton, the information stolen in such a hacking would have been worthless, but since they still used the old fashioned magnetic strip cards, Hilton and its customers face financial problems from this data breach.  Target, which learned its lesson the hard way has already switched to the new EMV chip cards as has WalMart.


Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted a year ago, continue to occur again and again.  As for we, as consumers, the best we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases.  In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.  They are easy to use and they will provide you with much greater security.  If you used a credit card or debit card at any of the above-mentioned Hilton properties during the dates indicted above, you should carefully monitor your credit card account and bank account for any indication of a problem.