Merrillville, Ind.-based hotel management company White Lodging Services Corporation revealed a malware attack took place against POS systems at 10 of the hotels it manages, potentially exposing payment card data for an undisclosed number of customers.

The suspected breach of POS systems at food and beverage outlets, such as restaurants and lounges, occurred from July 3, 2014 through Feb. 6, 2015 at 10 properties, according to officials from White Lodging Services Corporation. The disclosure comes about a year after the company confirmed a similar malware-related breach.

According to an eSecurity Planet report, several financial institutions uncovered the fraud on credit and debit cards run at Marriott hotels on Jan. 27, 2015. Upon learning of the suspected data security breach, company officials said they immediately contacted appropriate federal law enforcement officials and initiated a third-party forensic review. The company continues to work with investigators and the credit card companies.

“We quickly engaged a third-party forensic services provider to conduct an investigation. We also notified the U.S. Secret Service,” the hotel company said. “The preliminary results of the investigation revealed malicious software and remnants of such software on a number of the point-of-sale terminals used at food and beverage outlets at the hotels. Because this malicious software was detected, the credit/debit card data entered on these devices was at risk of theft.”

The food and beverage outlets affected are located at Indianapolis Marriott Downtown, Chicago Marriott Midway Airport, Auburn Hills Marriott Pontiac at Centerpoint, Pontiac, Mich.; Austin (Texas) Marriott South Airport; Boulder (Colorado) Marriott; Denver Marriott South at Park Meadows; Louisville (Kentucky) Marriott Downtown; Renaissance Boulder Flatiron, Broomfield, Colo.; Courtyard Austin (Texas) Downtown and Sheraton Hotel Erie Bayfront, Erie, Penn.

“After suffering a malware incident in 2014, we took various actions to prevent a recurrence, including engaging a third party security firm to provide security technology and managed services,” Dave Sibley, president/CEO for White Lodging Hospitality Management, said. “These security measures were unable to stop the current malware occurrence on point of sale systems at food and beverage outlets in 10 hotels that we manage. We continue to remain committed to investing in the measures necessary to protect the personal information entrusted to us by our valuable guests. We deeply regret and apologize for this situation.”

The illegally accessed data at risk appears limited to names printed on customers' credit or debit cards, credit or debit card numbers, the security code and card expiration dates. Unaffected by the breach are guests who did not use their credit card at these outlets, or charged to their room accounts.

White Lodging manages hotels under agreements with the hotel owners and is a distinct and separate entity from the specific hotel brands involved, including Marriott and Starwood.

Guests who used or visited the affected food and beverage outlets during the seven-month period and who used a credit or debit card to pay their bills at the outlets might have had such information compromised and are encouraged to review their statements from that time period.

The Identity Theft Resource Center, reports that as of April 8, there have been 225 breaches in 2015 with 101,957,626 records exposed. Only 0.4% affected the Banking/Credit/Financial category, as opposed to 97.5% for the Medical/Healthcare category.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).