Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

PoS Breaches Spread with Thousands Affected at Marriott and Holiday Inn Locations

The affected hotel locations are franchised and managed by a company called White Lodging Services
The affected hotel locations are franchised and managed by a company called White Lodging Services

The affected hotel locations are franchised and managed by a company called White Lodging Services – its portfolio includes 168 hotels in 21 states. The company said in a statement that the locations were compromised during the period of March 20 to Dec. 16, 2013, via PoS systems for food and beverage outlets on the properties.

At one property, the Radisson Star Plaza in Merrillville, Ind., the PoS and property management systems used at the front desk were also suspected of being affected. Guests at the hotel who did not use their credit card at these outlets, and guests who used room charges, weren’t exposed.

Researcher Brian Krebs first broke the news, saying that credit and debit card information on “thousands of guests throughout much of 2013” had likely been lifted. Krebs cited multiple banking-industry sources as confirming that there has been a pattern of fraud on hundreds of cards that were all previously used at specific Marriott hotels, including locations in Austin, Chicago, Denver, Los Angeles, Louisville and Tampa – locations that are all managed by White Lodging.

The hacked data may have included names printed on customers’ credit or debit cards, credit or debit card numbers, the security code and card expiration dates.

White Lodging has contacted federal law enforcement officials and initiated a third-party forensic review, including a review of all other properties managed by the company.

For its part, Marriott acknowledged that “one of its franchisees has experienced unusual fraud patterns in connection with its systems that process credit card transactions at a number of hotels across a range of brands, including some Marriott-branded hotels.”

It added, “They are in the midst of the investigation and are in close contact with the banks and credit cards companies. We are working closely with the franchisee as they investigate the matter. Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide. As this impacts customers of Marriott hotels we want to provide assurance that Marriott has a long-standing commitment to protect the privacy of the personal information that our guests entrust to us, and we will continue to monitor the situation closely.”

What’s Hot on Infosecurity Magazine?