White Lodging Services, an independent hotel management company, said on Monday that point-of-sale (POS) systemsat 14 of its propertiesmay have been breached, resulting in exposure of customer payment data from Mar. 20 to Dec. 16, 2013 at food and beverage outlets such as hotel restaurants and lounges.
The company also said that one property, the Radisson Star Plaza in Merrillville, IN, may have had both its point-of-sale system and its property management system used at the front desk compromised, indicating that hotel guests’ credit card information was put at risk.
According to the hospitality company, the food and beverage outlets affected by the suspected breach were the following hotel locations:
• Marriott Midway, Chicago, IL
• Holiday Inn Midway, Chicago, IL
• Holiday Inn Austin Northwest, Austin, TX
• Sheraton Erie Bayfront, Erie, PA
• Westin Austin at the Domain, Austin, TX
• Marriott Boulder, Boulder, CO
• Marriott Denver South, Denver, CO
• Marriott Austin South, Austin, TX
• Marriott Indianapolis Downtown, Indianapolis, IN
• Marriott Richmond Downtown, Richmond, VA
• Marriott Louisville Downtown, Louisville KY
• Renaissance Plantation, Plantation, FL
• Renaissance Broomfield Flatiron, Broomfield, CO
• Radisson Star Plaza, Merrillville, IN
The company did not say how many customers or card numbers could be affected as a result of the “suspected” breach.
“Guests at the hotels who did not use their credit card at these outlets, and guests who purchased to their room account at these outlets, were not affected,” the company said.
“Upon learning of the suspected data security breach, we immediately contacted appropriate federal law enforcement officials and initiated a third-party forensic review, including a review of all other properties managed by White Lodging,” the statement continued.
Attackers may have accessed data including names printed on customers’ payment cards, and payment card numbers along with the security code and card expiration dates.
“Guests who used or visited the affected businesses during the nine month-period and who used a credit or debit card to pay their bills at the outlets might have had such information compromised and are encouraged to review their statements from that time period,” the company said. The company also suggested that guests consider placing a fraud alert on their credit files.
With nearly $1 billion in annual revenue, White Lodging Services operates more than 169 hotels in 21 states under brands including Preferred Hotel Group, Marriott, Hilton, Hyatt, Starwood Hotels and Resorts, InterContinental Hotel Group and Carlson Rezidor Hotel Group.
On Friday, security and cybercrime researcher and blogger, Brian Krebs, reported that the company may have suffered a data breach. Krebs said that in early January, sources in the banking industry “began sharing data indicating that they were seeing a pattern of fraud on hundreds of cards that were all previously used at Marriott hotels from roughly March 23, 2013 on through the end of last year.”
Tweet
Managing Editor, SecurityWeek.Previous Columns by Mike Lennon:White Lodging Says 14 Properties Compromised in Point-of-Sale AttackCorero Launches New DDoS Protection Appliances for Service ProvidersMicrosoft Publishes Data About Secret FISA OrdersKaspersky Lab Investigating Extremely Sophisticated Malware FireEye Enhances OS, Expands Email Threat Protection Capabilities
sponsored links
Tags: NEWS INDUSTRY
Malware
Tracking Law Enforcement
Cybercrime
