Hyatt, Sheraton, Marriott and Westin hotels in 10 states and the District of Columbia may have been targeted by hackers for months.
The states where the hacking happened include locations in California, Colorado, Illinois, Minnesota, Pennsylvania, Tennessee, Vermont, Virginia, and the District of Columbia.
According to the hotel operator HEI Hotels & Resorts, malware put into place in at least 20 locations may have collected names, card account numbers, card expiration dates and verification codes.
Data from customers may have been collected from early December, through late June. At some properties, HEI said, data collection may have begun as early as March 2015.
HEI said in a company release that “We are treating this matter as a top priority, and took steps to address and contain this incident promptly after it was discovered.”
The company says the incident has been contained and customers can safely use cards at all of its properties.
Customers who notice anything suspicious on their accounts should contact their credit or debit card issuer immediately.