Hotels Latest Victims of Credit Card Hacks

By Karen Jacobs

ATLANTA -- A credit card data breach has been detected that exposed guests at certain Marriott, Holiday Inn, Sheraton and other hotel properties to theft, hotel management firm White Lodging Services said Monday.

The breach occurred at food and beverage outlets at 14 hotels, including some operated under the Westin, Renaissance and Radisson names, between March 20 and Dec. 16 last year, White Lodging said in a statement.

The company said information subject to potential theft by cybercriminals included names and numbers on consumers' debit or credit cards, security codes and card expiration dates.

Customers who used their cards at the affected outlets should review all statements from the time in question and consider placing fraud alerts on their credit files, White Lodging said.

White Lodging wouldn't estimate how many card numbers might have been taken. Krebs on Security, the cybersecurity blog that first reported the breach Friday, said thousands of accounts had been compromised.

The latest data breach comes after the FBI warned retailers last month to prepare for more cyber attacks after discovering about 20 hacking cases in the past year involving the same kind of malicious software used against Target (TGT) over the holiday shopping season.

The incident involving Target, the No. 3 U.S. retailer, was one of the biggest retail cyber attacks in history.

In a confidential, three-page report to retail companies the FBI described the risks posed by "memory-parsing" malware that infects point-of-sale systems,
which include cash registers and credit-card swiping machines in checkout aisles.

Restaurants and lounges affected by the White Lodging breach were at hotels in Chicago; Austin, Texas; Richmond, Va.; Plantation, Fla.; Denver; Boulder and Broomfield, Colo.; Louisville, Ky.; Erie, Pa.; Indianapolis; and Merrillville, Ind., the company said.

White Lodging, which manages 169 hotels that include brands of Marriott International (MAR), Starwood Hotels and Resorts (HOT) and InterContinental Hotels Group (IHG), said it planned to offer affected consumers one year of identity protection services.

The company, based in Merrillville, Ind., said it notified federal authorities of the suspected breach and had begun a review of other properties it manages.

A spokeswoman for White Lodging declined to comment beyond the company's statement.

Marriott said one of its franchise management companies had "unusual fraud patterns" with payment systems, according to a statement from spokesman Jeff Flaherty. He added that Marriott was working with the company in the probe.

"Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide," Flaherty added.


Increase your money and finance knowledge from home

Intro to Retirement

Get started early planning for your long term future.

View Course »

How Financial Planners go Grocery Shopping

Learn to shop smart and save.

View Course »

Add a Comment

*0 / 3000 Character Maximum