Hackers may have targeted guests of HEI Hotels & Resorts, which has properties under brands including Marriott, Westin and Sheraton.
The 20 affected locations are in 10 states and the District of Columbia, the hotel operator said.
Hotel guest data may have been stolen
Read more: This is all that a thief needs to access your hotel room… and it’s not your room key
According to a posting on HEI’s website, someone gained access to the company’s computer system and may have obtained payment card information.
These are the properties that may have been affected:
HEI says those at risk are customers who made credit or debit card purchases at point-of-sale terminals, such as at the hotel restaurant, gift shop or spa.
If you stayed at any of these hotels during the specified times, check your statements carefully.
It’s also a good idea to review your credit report, which you can do for free at AnnualCreditReport.com, and immediately report anything unusual.
HEI says the suspicious malware has been removed and it’s safe to use payment cards there again.
Read more: How to prevent, report and repair ID theft