The Hilton Group is investigating claims that its US retail and food outlets have been the victim of a credit card hack.
The breach reportedly affects point of sale (PoS) systems in a number of Hilton Hotel shops and restaurants, according to security expert Brian Krebs.
"In August, Visa sent confidential alerts to numerous financial institutions warning of a breach at a bricks and mortar entity that is known to have extended from 21 April 2015 to 27 July 2015. The alerts to each bank included card numbers that were suspected of being compromised," Krebs wrote on KrebsOnSecurity.com.
"Sources at five different banks say they have now determined that the common point of purchase for cards included in that alert had only one commonality: they were all used at Hilton properties."
Krebs quoted sources as saying that the fraud seems to have stemmed from compromised PoS devices, but is not thought to affect guest reservation systems.
The Hilton Group confirmed to V3 that the company is now investigating the claims. "Hilton Worldwide is strongly committed to protecting our customers' credit card information. We have many systems in place and work with some of the top experts in the field to address data security," said a Hilton Worldwide spokesperson.
"Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today's marketplace. We take any potential issue very seriously, and we are looking into this matter."
Earlier this year in a similar incident, the Mandarin Oriental hotel chain admitted that it had discovered a malware attack on its credit card systems.
"Based on our forensic investigation, it appears that this malware was designed to access the credit card numbers at the time of transaction as they were being transmitted," the firm said at the time.
Breached in March by the same attackers, claim 'insiders'
And all for less than £150, according to Keith
Chambers joined Cisco in 1991 after leaving ailing Wang Labs
Morphisec discovered malware compromise first, claims Avast, not Cisco