Report: Major Hotel Chains Hit by Long-Term Data Breach
White Lodging Services Corp. says that 14 hotels it manages—including some in the Holiday Inn and Marriott families—suffered a credit and debit card data breach last year that lasted nine months.
White Lodging Services Corp. says that 14 hotels it manages—including some in the Holiday Inn and Marriott families—suffered a credit and debit card data breach last year that lasted nine months.
For nearly nine months, travelers across the country were unknowingly exposed to the same kind of data breach currently affecting millions of Target shoppers.
That’s according to a recent disclosure by a hotel management firm with ties to Holiday Inn, Marriott, and Sheraton locations nationwide, among others. More details:
What happened: White Lodging Services Corp. reported that it suffered a nine-month breach of its credit card system in 2013 that affected restaurants and lounges at 14 hotels it manages belonging well-known chains, including Marriott, Holiday Inn, and Starwood Hotels and Resorts. The company, which manages 168 hotels in 21 states, says systems were exposed to the breach between March 20 and December 16, according to Reuters. White Lodging also said in a statement that the point-of-sale and property management systems at one hotel might have been affected. The company’s statement listed the affected hotels—located in Colorado, Florida, Illinois, Indiana, Kentucky, Pennsylvania, Texas, and Virginia—and stated it will offer credit monitoring services to customers affected by the breach. However, it’s unknown how many that is.
A breach with a history: The news of the breach was first reported Friday by security journalist Brian Krebs, who noted that there was evidence of some kind of data incident involving a number of Marriott hotels but that it appeared to have a curiously limited reach. “Earlier this month, multiple sources in the banking industry began sharing data indicating that they were seeing a pattern of fraud on hundreds of cards that were all previously used at Marriott hotels from roughly March 23, 2013, on through the end of last year,” Krebs wrote. “But those … sources said they were puzzled by the pattern of fraud, because it was seen only at specific Marriott hotels, including locations in Austin, Chicago, Denver, Los Angeles, Louisville, and Tampa.”
Marriott’s response: In a press comment issued Saturday, Marriott emphasized that although it was not directly at fault for the breach, which affected franchisee food and drink businesses, it is taking the situation seriously: “Since this impacts customers of Marriott properties, we want to provide assurance that Marriott has a long-standing commitment to protect the privacy of the personal information that our guests entrust to us, and we will continue to monitor the situation closely.”
The White Lodging incident isn’t the first data scare involving the hotel or events industry in recent months. Last fall, attendees at two association events held in Boston were affected by data thefts that led to reports of credit card fraud. Later evidence uncovered in the case suggested that the breaches did not occur at the Boston Convention and Exhibition Center, where the conferences had been held, but at nearby restaurants and bars.
(iStock/Thinkstock)
Comments