Six Hawaii hotels among 54 affected by Starwood data breach


NEW YORK (AP) — Starwood says hackers were able to see debit and credit card information of some people that dined or shopped at 54 of its hotels, including some Sheraton, Westin and W locations.

The Stamford, Connecticut-based hotelier says malware was found in payment systems at hotel restaurants, gift shops and other retail areas, but not at the front desk where guests pay for their stay.

The Hawaii resorts that were affected by the data breach (with specific dates) are:

  • Moana Surfrider Honolulu (Feb. 2, 2015 – April 4, 2015)
  • Sheraton Maui Kaanapali (Nov. 7, 2014 – April 16, 2015)
  • Sheraton Waikiki (Nov. 7, 2014 – April 8, 2015)
  • Westin Kaanapali Lahaina (March 2 – 26, 2015)
  • Westin Maui Lahaina (March 2, 2015 – April 8, 2015)
  • Westin Princeville (March 2 – 26, 2015)

Click here to see the complete list.

The malware, which has since been removed, infected payment systems since as early as November 2014.

Starwood Hotels & Resorts Worldwide Inc. says the malware exposed names on the cards as well as card numbers, security codes and expiration dates.

“We strongly encourage anyone who has used a credit or debit card to purchase food, drinks, or souvenirs at a Starwood property to check the list of hotels and identified dates of the data breaches,” said Catherine Awakuni Colόn, director of the state Dept. of Commerce and Consumer Affairs. “According to Starwood, the information compromised could be used to make fraudulent charges on credit and debit cards. Everyone should make it a habit to check your monthly statements and annual credit report.”

“This should be a wake up call to everybody,” said Stephen Levins, executive director of the states Office of Consumer Protection.

When it comes to protecting consumers he says identity theft is a real issue.

“It is really unfortunate, but we are seeing this every week,” said Levins. “It is just a plague that we have to deal with now.”

“Some bad people got into their computer system and started just harvesting names, address, credit card numbers, and even the security codes associated with the cards,” said Levins.

Levins says people who visited hotel restaurants, gift shops, or other retail locations at these hotels need to check their information as soon as possible.

“If you find something on there that is unusual contact your credit card company right away and let them know,” said Levins.

While things like this happen everyday there are steps you can take to protect yourself.

First just make sure your personal information like your social security card and account numbers or anything that is important is in a secure place.

You should also take the time to check your credit and debit card statements on a regular basis.

If you do find out your information has been compromised the best thing to do is to inform your bank immediately, because if don’t you might not get the money back.

DCCA has information on how to protect yourself following a security breach at This website includes links to sample forms and letters for victims of identity theft to help with the recovery process.

Copyright 2020 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Trending Stories