Was My Hotel Hacked? Card Data Possibly Stolen At 20 Westin, Sheraton And Marriott Locations

If you've stayed at a hotel in the United States recently, your personal information may be at risk.

HEI Hotels and Resorts — which manages more than 50 hotels, among them many Marriott and Hyatt locations — revealed Sunday that it was a victim of a software hack that may have stolen customers' names and credit card information. Reuters reported "tens of thousands of food drink and other transactions" may be affected.

"We were recently alerted to a possible security incident potentially affecting certain HEI properties," the company wrote on its website. "We believe that the malware may have accessed payment card information in real-time as it was being inputted into our systems."

The scamming could have taken place as early as March 1, 2015 and as late as June 21 of this year. Possibly affected hotels include:

• Boca Raton Marriott at Boca Center in Florida
• Dallas Fort Worth Marriott Hotel & Golf Club in Texas
• Equinox Resort Golf Resort & Spa in Vermont
• Hotel Chicago Downtown in Illinois
• Hyatt Centric Santa Barbara in California
• Intercontinental Tampa Bay in Florida
• Le Meridien Arlington in Virginia
• Le Meridien San Francisco in California
• Renaissance San Diego Downtown Hotel in California
• Royal Palm South Beach Miami in Florida
• San Diego Marriott La Jolla in California
• Sheraton Music City Hotel in Tennessee
• Sheraton Pentagon City in Virginia
• The Hotel Minneapolis Autograph Collection in Minnesota
• The Westin Minneapolis in Minnesota
• The Westin Pasadena in California
• The Westin Philadelphia in Pennsylvania
• The Westin Snowmass Resort in Colorado
• The Westin Washington, D.C. City Center
• The Westin Fort Lauderdale in Florida

HEI said on its website it doesn't know who was impacted by the malware, though it does know that the hack only occurred at point-of-sale locations like gift shops, restaurants and spas. The hack has since been fixed and the security systems updated.

If you think your card info may have been compromised, NerdWallet recommends you call your bank as soon as possible so it can cancel your card and send you a new one. While you're waiting, log into your online bank account and change the password. Then make sure you go through and set all your automatic bill payments to come from another card.