HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 14 MINUTES AGO.
You are here: Home / Computing / Hotels Hacked, Customer Data Stolen
Major Hotel Customers Hit by Data Breach
Major Hotel Customers Hit by Data Breach
By Jennifer LeClaire / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
03
2014


After the Target and Niemen Marcus network breaches, retailers are now hyper-vigilant about security. But the hotel industry may need to open its eyes a little wider.

White Lodging, a company that maintains hotel franchises under nationwide brands including Hilton, Marriott, Sheraton and Westin, appears to have suffered a data breach that exposed credit and debit card information on thousands of guests throughout much of 2013, according to KrebsOnSecurity.

“Earlier this month, multiple sources in the banking industry began sharing data indicating that they were seeing a pattern of fraud on hundreds of cards that were all previously used at Marriott hotels from roughly March 23, 2013 on through the end of last year,” said Brian Krebs, a security expert who runs the blog. “But those same sources said they were puzzled by the pattern of fraud, because it was seen only at specific Marriott hotels, including locations in Austin, Chicago Denver, Los Angeles, Louisville and Tampa.”

Marriott Speaks Out

As it turns out, Krebs said, the common thread among all those Marriott locations is the management company: Merrillville, Ind.-based White Lodging Services Corp. White Lodging bills itself as “a fully-integrated owner, developer and manager of premium brand hotels.” The Web site suggests its portfolio includes 168 full-service hotels in 21 states. That includes more than 30 restaurants.

“White Lodging declined to offer many details, saying in an emailed statement that “an investigation is in progress, and we will provide meaningful information as soon as it becomes available,” Krebbs said. He noted that Marriott also issued a statement explaining that one of its franchisees has experienced unusual fraud patterns in connection with its systems that process credit card transactions at a number of hotels across a range of brands, including some Marriott-branded hotels.

“They are in the midst of the investigation and are in close contact with the banks and credit cards companies. We are working closely with the franchisee as they investigate the matter,” Marriott said. “Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide. As this impacts customers of Marriott hotels we want to provide assurance that Marriott has a long-standing commitment to protect the privacy of the personal information that our guests entrust to us, and we will continue to monitor the situation closely.”

More Breaches to Come

Krebs notes that sources say the breach appears to have affected mainly restaurants, gift shops and other establishments within hotels managed by White Lodging -- not the property management systems that run the hotel front desk computers, which handle the checking in and out of guests.

“In the case of Marriott, for example, all Marriott establishments operated as franchises must use Marriott’s property management system,” he said. “As a result, the breach impacted only those Marriott guests who used their cards at White Lodging-managed gift shops and restaurants.”

We caught up with Tommy Chin, a technical support engineer at CORE Security, to get his take on the breach. He told us Kaptoxa, a new piece of malware, has infected a large number of retail information systems, according to a report from iSightPartners.

“Their report states you may be at risk if you have a POS system in operation. I believe there will be a good number of disclosed breached coming in the near future -- not just from retailers,” Chin said. “I’m sure that all the breaches to date have not yet been discovered.”

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.
MORE IN COMPUTING
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Using Internet-connected devices without strong passwords is inherently risky, as illustrated by reports that a Russian Web site is showing live footage from thousands of people's webcams.

ENTERPRISE HARDWARE SPOTLIGHT
Doctor Who had K-9, the robot dog that accompanied him on adventures through space. Now, Mountain View has K5, a 5-foot-tall, 300-pound robot security guard patrolling in the Bay Area.

MOBILE TECHNOLOGY SPOTLIGHT
To better its customer service, Comcast is pulling out at least some of the stops. The cable giant has launched an app so you can track the cable guy in real time. It's designed to ease customer frustration.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.