Partners: Hilton Data Breach Shows Retail Still Needs To Get Back To Security Basics

As yet another data breach hits retail, this time at the Hilton Hotel chain, solution providers said it shows the need for businesses to make sure they have their basics down when it comes to security.

The data breach reportedly affected point-of-sale registers in Hilton Hotel gift shops and restaurants, according to noted cybersecurity journalist Brian Krebs, who first reported the breach. Hotel reservation systems do not look like they were affected, the report said. Hotels possibly included in the breach are Hilton, Embassy Suites, DoubleTree, Hampton Inn and Suites, and Waldorf Astoria Hotels & Resorts, the report said.

It is not clear how many records were compromised in this data breach, but the report said it may date back to November 2014. Hilton said it is investigating the breach, but did not provide any additional information.

[Related: 10 Cutting-Edge Blackphone 2 Features That Enterprises Will Love]

id
unit-1659132512259
type
Sponsored post

This isn’t the first time that Hilton has been in hot water for data security issues this year. In March, the company's reward system, Hilton HHonors, was found to have a serious vulnerability that allowed for someone to access another user's account just by guessing the account number. From there, the hacker could view personal information and use rewards points or have them converted to cash. The vulnerability was discovered by Brandon Potter and JB Snyder of Bancsec, and prompted updates to the system that required an 8-digit password instead of just a PIN.

Solution providers said the breach is yet another reminder that businesses need to get back to basics when it comes to security. So far this year, there have been nine breaches made public in the retail and merchant sectors, according to the Privacy Rights Clearinghouse. That includes breaches at CVS Pharmacy, Starbucks, Sally Beauty Supply, Toys "R" Us and a variety of other more regional businesses.

While those incidents may open people's eyes to the reality of the data breach, Darren Calman, vice president of business development at Marietta, Ga.-based Simeio Solutions, said many companies, particularly smaller retail businesses, fail to put the lessons learned from this into practice. That is particularly important as smaller shops, such as the gift shops and restaurants involved in this breach, embrace more enterprise technology but might lack the technical know-how to implement them securely, he said.

"It really is unfortunate," Calman said. "I think that regulations and punishments to CEOs and others will have to come in place to make people [act] differently."

That being said, Calman said he sees the retail sector improving when it comes to security, with fewer breaches being seen when viewed from a macro level. For comparison, the Privacy Rights Clearinghouse found that in 2014, there were 43 breaches in the retail and merchant sectors, compared to nine so far this year.

"I think things are getting better," Calman said.

PUBLISHED SEPT. 28, 2015