HEI Hotels & Resorts (HEI), which include Hyatt, Sheraton, Marriott and Westin Hotels have notified individuals who purchased food and beverages at 20 locations in 10 states and the District of Columbia that their credit card information may have been compromised due to a malware intrusion.

The intrusion occurred between early 2015 and June 2016, and included card holders’ names, card numbers, expiration dates and verification codes.

HEI warns customers to review their credit card statements for unusual activity or discrepancies. A list of the properties affected can be accessed here.