Washington DC July 16 2014 Business travelers have yet another security concern when they are on the road, particularly if they are frequent flyers at their hotels’ business centers.
According to new information reported on Krebs On Security, the U.S. Secret Service is warning business travellers that cyber criminals have been compromising hotel business center PCs with keystroke-logging malware. These programs allow thieves to steal personal and financial data from guests.
According to a non-public advisory for businesses released by the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, suspects have already been taken into custody regarding data thefts at several hotels in the Dallas/Forth Worth Area.
“In some cases, the suspects used stolen credit cards to register as guests of the hotels; the actors would then access publicly available computers in the hotel business center, log into their Gmail accounts and execute malicious key logging software,” the advisory reads. “The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers.”
This is the second entry into the news of a hotel breach. For six months, cyber-attackers breached the credit card payment system at The Houstonian Hotel. During the attack, hackers were able to access account information about an undisclosed number of customers, reports Bank Information Security.
“We have faced very similar breaches in the EU as well,” says Andrew Komarov, a point-of-sale malware expert and CEO of cybersecurity firm IntelCrawler. “There is a pretty big trend of hotels’ receptions’ POS terminals being compromised. Besides payment data, the bad actors can obtain sensitive PII [personally identifiable information] there as well about a hotel’s visitors.”