Malware aimed at stealing credit and debit card information was found on payment systems at restaurants and stores in 54 Starwood hotels in North America, according to a letter from company president Sergio Rivera that was posted online. The admission came just days after Marriott International announced it was acquiring the hotel brand.
"The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date," the letter said. The company said there was no evidence so far that other customer information, its guest reservation, or Starwood Preferred Guest membership systems were affected by the breaches.
A list of the locations affected shows that the breaches happened between November 2014 to October 2015.
The company said it has arranged for a year of free identity theft and credit monitoring services to customers affected by the breaches.