Hilton Worldwide said that it has discovered malware on its point-of-sale terminals that was aimed to grab payment card information.
The hotel chain said it has "taken action to eradicate unauthorized malware" and started an investigation. Hilton also said it has strengthened its systems.
According to a statement, Hilton customers may have been effected from Nov. 18 to Dec. 5 2014 and April 21 to July 27. That 17-week period with large gaps indicates the malware would go quiet for a bit and then strike.
Hilton Worldwide worked closely with third-party forensics experts, law enforcement and payment card companies on this investigation, and determined that specific payment card information was targeted by this malware. This information includes cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers (PINs).
The company said that it is offering credit monitoring and has provided an update page.