Hackers twice broke into Hilton's computer systems.
Hilton Hotels said on Tuesday it had been the victim of a security breach.
The hotel chain’s notice comes two months after the company began investigating whether hackers had attacked its properties. The news also follows initial reporting by Brian Krebs, an independent cybersecurity journalist, who caught wind that payment card terminals at the company’s restaurants, bars, and gift shops may have been compromised.
Hilton HLT confirmed the cyber intrusion in a recent statement, saying it had “identified and taken action to eradicate unauthorized malware that targeted payment card information in some point-of-sale systems.” The company, based in McLean, Va., said it “immediately launched an investigation” and “further strengthened” its systems.
Hilton did not reveal how many properties might be affected, nor did it confirm how many customers’ credit card or debit card information might have been stolen. “We cannot address the actual number of cards impacted,” the company said in an FAQ about the incident, adding that the potentially stolen information includes “cardholder names, payment card numbers, security codes and expiration dates, but no addresses, personal identification numbers (PINs) or Hilton HHonors account information.”
The hotel franchise operates more than 4,500 properties across 97 countries and territories, and its holdings include the brands Doubletree, Embassy Suites, Hampton Inn and Suites, and Waldorf Astoria Hotels & Resorts.
Hilton recommended that its customers check their banking records in the event that they made a purchase at one of the company’s hotels during a 17-week period spanning between Nov. 18 to Dec. 5, 2014, or between April 21 to July 27, 2015. “If you notice any irregular activity on your cards, please contact your financial institution directly for additional support,” the company said.
The company has also offered one year of free credit monitoring to potentially affected customers.
Hilton is the latest victim of a security breach in the hospitality industry. Starwood—the Westin, Sheraton, and W Hotels-owning hotel chain that Marriott MAR recently agreed to buy for about $12 billion—said just days ago that it had suffered a months-long data breach at 54 locations. Trump Hotels also recently confirmed that it had been hit with a year-long payment systems breach. Other recent victims include Mandarin Oriental Hotel Group and White Lodging.
For more on hotels, watch the video below:
Follow Robert Hackett on Twitter at @rhhackett. Read his cybersecurity, technology, and business coverage here. And subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology, where he writes a weekly column.