NEW YORK — The Hilton Domestic Operating Company Inc., has reached a $700,000 settlement with the New York Attorney General’s Office for two data breaches that occurred in 2015 exposing more than 350,000 credit card numbers.
New York Attorney General Eric Schneiderman recently announced the settlement with Hilton Domestic Operating Company Inc., formerly known as Hilton Worldwide, for not providing consumers timely notice and for not maintaining reasonable data security in the company’s data breaches.
“Businesses have a duty to notify consumers in the event of a breach and protect their personal information as securely as possible,” Schneiderman said in a news release. “Lax security practices like those we uncovered at Hilton put New Yorkers’ credit card information and other personal data at serious risk. My office will continue to hold businesses accountable for protecting their customers’ personal information.”
In February 2015, Hilton, which is one of the largest hospitality companies in the world, allegedly learned of a data breach that involved a system in the United Kingdom used by the company. According to the Attorney General’s Office, Hiltons’ system was communicating with a “suspicious” computer outside of the company’s computer network.
It was later revealed that credit card targeting malware had exposed data from cardholders from November- December 2014. A second breach also took place in July 2015 involving Hilton’s intrusion detection system.
According to the settlement, Hilton must provide immediate notice to consumers affected by the breach, maintain an information security program as well as perform data security assessments.