What You Need to Know about the Hilton Hotels Data Breach
- Published: Jul 09, 2024
- Last Updated: Jul 30, 2024
Hilton Hotels was formally opened in 1925 in Dallas, Texas. It is a hospitality company with at least 7,629 properties across 126 countries and territories, including the United States. The business manages, owns, or franchises about 23 brands, including Hilton Garden Inn, Waldorf Astoria, Hilton Hotels and Resorts, Homewood Suites, and Conrad Hotels. Hilton Hotels has over 173 million Hilton Honors members. Hilton Honors is a loyalty program established by the business that offers members exclusive perks when staying at any of their hotels. Considering the large size of the hospitality company and the type of information obtained from guests, Hilton Hotels became a target for a data breach in 2023.
In 2023, someone using the alias IntelBroker reportedly offered data on 3.7 million members of the Hilton Honors loyalty program for sale on a forum. According to that person, the stolen data contains Hilton Honors members' names, addresses, IDs, room type codes, check-in and check-out dates, and the hotel property, country, state, and city.
Initially, a representative of the hotel denied there was a data breach, claiming no evidence existed to suggest the company's systems were compromised. However, after examining the post on the hacker forum and investigating the alleged breach, Hilton admitted that at least 500,000 Hilton Honors accounts were compromised after a cybercriminal reportedly accessed and stole a database of 3.2 million records from the hotel's network and uploaded it to a dark web forum. A representative of the hotel, however, claimed the information being offered for sale does not include guests' contacts, passwords, or financial data.
When Was the Hilton Hotels Data Breach?
The cybercriminal who breached Hilton Hotels' network reportedly claimed to have gained access to the company's systems and stolen the affected data in January 2023. The sample data of Hilton Honors members' information shared on the hacker forum appeared to be from Hilton Tucson El Conquistador Golf and Tennis Resort in Arizona.
How to Check If Your Data Was Breached
Hilton Hotels has claimed that no guest financial information, contacts, or passwords were disclosed in the alleged 2023 data breach. However, if you are a Hilton Honors loyalty program member, you can check whether your sensitive information was compromised by regularly monitoring your financial accounts for suspicious activity.
What to Do If Your Data Was Breached
If you believe your data was compromised in the alleged Hilton Hotels data breach that occurred in January 2023, it is best to change your passwords across all your online profiles. Also, always be on the lookout for updates from the company regarding the alleged data security breach. In addition, check your credit reports for any anomaly, be vigilant, and pay extra attention to your account activity across all platforms, including your bank and other financial accounts. Furthermore, consider signing up for reliable credit monitoring and identity theft protection services.
Are There Any Lawsuits Because of the Data Breach?
There is no record of any lawsuit against Hilton Hotels concerning the 2023 alleged data breach.
Can My Hilton Hotels Information Be Used for Identity Theft?
While Hilton Hotels has reportedly claimed that no guest contact, financial information, or password was compromised in the 2023 data breach, certain information stored in the company's database can be used for identity theft. The company's database holds customers' personal and financial information, which, when compromised, is a recipe for identity theft and other types of fraud.
What Can You Do to Protect Yourself Online?
Besides the 2023 data breach suffered by Hilton Hotels, the company suffered two breaches in 2014 and 2015, exposing customers' credit card information. While the company makes several efforts to protect customers' sensitive data, most of the work lies with customers. The following are tips to help you protect yourself and your sensitive data online:
- Install security suites on your devices to prevent malicious programs from infecting them and stealing data from you.
- Create strong passwords for your online profiles and accounts. Such passwords should include a mix of numbers, letters (upper and lower case), and special characters. Avoid using information such as your name, date of birth, employer name, or other personal details in your passwords because they can be easily guessed.
- Consider changing your passwords frequently to ensure the security of your online accounts and profiles. Avoid using the same or similar passwords for multiple profiles, as many websites are compromised almost daily.
- Be careful not to open suspicious links or attachments sent via email or SMS texts from seemingly trusted sources.
- Avoid shopping online over public Wi-Fi, as oftentimes, shopping online requires entering some personal and financial details to complete transactions. Consider shopping online over your home network, which must be secured with a password.
- Avoid sending confidential information over email.
- Enable multi-factor authentication where available to make your accounts or online profiles more secure.
- If you are highly organized, consider using different email addresses for different online accounts.
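- Before entering sensitive information on a website, confirm that the site is secure. A secure site will have a lock icon in the browser's address bar, and the URL will begin with "https." The lock shows that the connection is encrypted, not that the site itself is legitimate, so also check that the domain name is the one you expect.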
- Educate yourself regularly on the latest cyber threats and how to protect yourself. Consider using IDStrong for this purpose.
- Enable cookies on your web browser only when they are mandatory.
- Get used to locking your devices at all times with either a password or facial or fingerprint recognition.