HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 5 MINUTES AGO.
You are here: Home / Data Security / Hotels Hacked, Customer Data Stolen
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Major Hotel Customers Hit by Data Breach
Major Hotel Customers Hit by Data Breach
By Jennifer LeClaire / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
03
2014


After the Target and Niemen Marcus network breaches, retailers are now hyper-vigilant about security. But the hotel industry may need to open its eyes a little wider.

White Lodging, a company that maintains hotel franchises under nationwide brands including Hilton, Marriott, Sheraton and Westin, appears to have suffered a data breach that exposed credit and debit card information on thousands of guests throughout much of 2013, according to KrebsOnSecurity.

“Earlier this month, multiple sources in the banking industry began sharing data indicating that they were seeing a pattern of fraud on hundreds of cards that were all previously used at Marriott hotels from roughly March 23, 2013 on through the end of last year,” said Brian Krebs, a security expert who runs the blog. “But those same sources said they were puzzled by the pattern of fraud, because it was seen only at specific Marriott hotels, including locations in Austin, Chicago Denver, Los Angeles, Louisville and Tampa.”

Marriott Speaks Out

As it turns out, Krebs said, the common thread among all those Marriott locations is the management company: Merrillville, Ind.-based White Lodging Services Corp. White Lodging bills itself as “a fully-integrated owner, developer and manager of premium brand hotels.” The Web site suggests its portfolio includes 168 full-service hotels in 21 states. That includes more than 30 restaurants.

“White Lodging declined to offer many details, saying in an emailed statement that “an investigation is in progress, and we will provide meaningful information as soon as it becomes available,” Krebbs said. He noted that Marriott also issued a statement explaining that one of its franchisees has experienced unusual fraud patterns in connection with its systems that process credit card transactions at a number of hotels across a range of brands, including some Marriott-branded hotels.

“They are in the midst of the investigation and are in close contact with the banks and credit cards companies. We are working closely with the franchisee as they investigate the matter,” Marriott said. “Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide. As this impacts customers of Marriott hotels we want to provide assurance that Marriott has a long-standing commitment to protect the privacy of the personal information that our guests entrust to us, and we will continue to monitor the situation closely.”

More Breaches to Come

Krebs notes that sources say the breach appears to have affected mainly restaurants, gift shops and other establishments within hotels managed by White Lodging -- not the property management systems that run the hotel front desk computers, which handle the checking in and out of guests.

“In the case of Marriott, for example, all Marriott establishments operated as franchises must use Marriott’s property management system,” he said. “As a result, the breach impacted only those Marriott guests who used their cards at White Lodging-managed gift shops and restaurants.”

We caught up with Tommy Chin, a technical support engineer at CORE Security, to get his take on the breach. He told us Kaptoxa, a new piece of malware, has infected a large number of retail information systems, according to a report from iSightPartners.

“Their report states you may be at risk if you have a POS system in operation. I believe there will be a good number of disclosed breached coming in the near future -- not just from retailers,” Chin said. “I’m sure that all the breaches to date have not yet been discovered.”

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
ISACA® offers a global community of more than 115,000 IS/IT constituents in over 180 countries. We develop and deliver industry-leading certifications, education, research and business frameworks. We equip individuals to be leaders in the fast-changing world of information systems and IT - Learn More>
MORE IN DATA SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Sony is no stranger to breaches. Sony’s PlayStation Network was hacked in 2011 and attackers obtained 77 million user accounts. The latest attack comes against Sony Pictures Entertainment.

MOBILE TECHNOLOGY SPOTLIGHT
In its bid for the wearables market, Sony is reportedly developing a watch made out of electronic paper for release as soon as next year. The e-paper watch will emphasize style over tech innovations.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.