This security breach occured over 6 months ago
I know because I 1st advised Hilton of the problem on 27 Sep 2010 and a few times since. Emails, faxes, phonecalls. They have NEVER responded....
When I registered with Hilton Honors, I gave a unique email address. hh@mydomain.co.uk
Instantly I know the source of the data security breach. Emailed links to 'filth', repeated very malicious invites to update my Skype & Acrobat....
Not following through on such matters in a timely fashion, sitting on the knowledge, should be made a major issue. Failure to advise in a timely fashion should make the leaker financially responsible for any loss before the warning is issued.
Still I can get my own back. Having changed my Hilton registered email address, I can easily redirect all mail sent to the original address to Hilton senior management... No longer my problem!