HEI Hotels & Resorts

HEI Hotels & Resorts is a hotel management company that operates properties under the flags of major international brands such as Starwood, Marriott, Hyatt and InterContinental. The firm focuses on delivering lodging experiences that include on‑site restaurants, bars and spa facilities for guests. Its headquarters is located in the United States of America, which also serves as the primary market for its managed properties. HEI Hotels & Resorts contracts with property owners to oversee day‑to‑day operations, staffing and guest services across the hotels in its portfolio. The company’s business model emphasizes the integration of food and beverage outlets and wellness amenities within the hotel environment. By aligning with recognized hospitality brands, HEI Hotels & Resorts seeks to leverage brand recognition while providing localized operational expertise. The firm’s services are aimed at both leisure and business travelers who expect consistent brand standards. Management responsibilities include revenue optimization, maintenance oversight and compliance with brand‑specific standards. HEI Hotels & Resorts also coordinates with corporate brand teams to implement marketing and loyalty programs at the managed hotels. The organization maintains a focus on delivering seamless guest experiences across the various properties under its management.

In March 2015, HEI Hotels & Resorts experienced a cybersecurity incident in which malware was discovered on the payment systems of twenty of its managed hotels located across several states. The malicious software was designed to capture payment card data, including cardholder names, numbers, expiration dates and verification codes, while leaving personal identification numbers unaffected. The breach affected transactions occurring at on‑site venues such as restaurants, bars and spas within the impacted properties. Upon detection, HEI Hotels & Resorts engaged external cybersecurity experts to conduct a thorough investigation of the incident. The company also notified federal authorities in accordance with applicable breach notification requirements. As part of its response, HEI Hotels & Resorts implemented an isolated payment processing environment to segregate card‑handling systems from other network assets. This architectural change was intended to reduce the risk of similar malware reaching payment terminals in the future. The incident highlighted the varying transaction volumes among the affected hotels, with some properties processing considerably more card payments than others. HEI Hotels & Resorts communicated with the relevant brand partners to ensure coordinated messaging and remediation efforts. The firm’s handling of the event demonstrated its capability to mobilize external expertise and respond to regulatory obligations. Following the incident, HEI Hotels & Resorts continued to monitor its payment infrastructure for signs of compromise. The episode remains a notable example of a point‑of‑sale malware attack targeting the hospitality sector.