Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

White Lodging Says 14 Properties Compromised in Point-of-Sale Attack

White Lodging Services, an independent hotel management company, said on Monday that point-of-sale (POS) systems at 14 of its properties may have been breached, resulting in exposure of customer payment data from Mar. 20 to Dec.

White Lodging Services, an independent hotel management company, said on Monday that point-of-sale (POS) systems at 14 of its properties may have been breached, resulting in exposure of customer payment data from Mar. 20 to Dec. 16, 2013 at food and beverage outlets such as hotel restaurants and lounges.

The company also said that one property, the Radisson Star Plaza in Merrillville, IN, may have had both its point-of-sale system and its property management system used at the front desk compromised, indicating that hotel guests’ credit card information was put at risk.

According to the hospitality company, the food and beverage outlets affected by the suspected breach were the following hotel locations:

• Marriott Midway, Chicago, IL

• Holiday Inn Midway, Chicago, IL

• Holiday Inn Austin Northwest, Austin, TX

• Sheraton Erie Bayfront, Erie, PA

• Westin Austin at the Domain, Austin, TX

• Marriott Boulder, Boulder, CO

• Marriott Denver South, Denver, CO

• Marriott Austin South, Austin, TX

• Marriott Indianapolis Downtown, Indianapolis, IN

• Marriott Richmond Downtown, Richmond, VA

• Marriott Louisville Downtown, Louisville KY

• Renaissance Plantation, Plantation, FL

• Renaissance Broomfield Flatiron, Broomfield, CO

• Radisson Star Plaza, Merrillville, IN

The company did not say how many customers or card numbers could be affected as a result of the “suspected” breach.

“Guests at the hotels who did not use their credit card at these outlets, and guests who purchased to their room account at these outlets, were not affected,” the company said.

“Upon learning of the suspected data security breach, we immediately contacted appropriate federal law enforcement officials and initiated a third-party forensic review, including a review of all other properties managed by White Lodging,” the statement continued.

Attackers may have accessed data including names printed on customers’ payment cards, and payment card numbers along with the security code and card expiration dates.

“Guests who used or visited the affected businesses during the nine month-period and who used a credit or debit card to pay their bills at the outlets might have had such information compromised and are encouraged to review their statements from that time period,” the company said. The company also suggested that guests consider placing a fraud alert on their credit files.

With nearly $1 billion in annual revenue, White Lodging Services operates more than 169 hotels in 21 states under brands including Preferred Hotel Group, Marriott, Hilton, Hyatt, Starwood Hotels and Resorts, InterContinental Hotel Group and Carlson Rezidor Hotel Group.

“As we’ve seen with recent data breaches at retailers such as Target, Neiman Marcus and Michaels, credit card theft is becoming business as usual these days,” Marc Maiffret, CTO of BeyondTrust, told SecurityWeek in an emailed statement. “We might very well see a tipping point this year that finally draws national laws on reporting of such theft/breaches at a much deeper level than we have now.” 

On Friday, security and cybercrime researcher and blogger, Brian Krebs, reported that the company may have suffered a data breach. Krebs said that in early January, sources in the banking industry “began sharing data indicating that they were seeing a pattern of fraud on hundreds of cards that were all previously used at Marriott hotels from roughly March 23, 2013 on through the end of last year.” 

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack