Credit Card Breach Being Investigated By Hotel Management Co.

Feb 01, 2014 By Sarah Vonnegut

A company that manages some of the biggest name brand hotel franchises across the U.S., including Hilton, Westin, Marriott and Sheraton, has apparently been dealing with a potential data breach where thousands of guests’ credit card data was stolen over a period of at least nine months.

White Lodging, a Merrillville, Indiana-based hospitality management company, manages 168 hotels in 21 states and confirmed it was investigating a data breach. After banks looked into a string of card fraud incidents that began on March 23rd, 2013 through the end of the year, a pattern was noted: All the cards were used at Marriott hotels in L.A., Louisville, Chicago, Austin, Denver and Tampa.

The breach appears to have affected only the hotel systems managed by White Lodging, including mostly restaurants and gift shops within their properties. Most of the hotel franchises use the hotel’s property management systems to manage guests’ comings and goings and were not affected by the breach.

Brian Krebs, who originally reported the incident, emailed White Lodging, which confirmed to being in the process of investigating the breach. Marriott, one of the hotels with franchises managed by White Lodging also issued a statement in response, saying:

“[White Lodging is] in the midst of the investigation and [is] in close contact with the banks and credit cards companies.  We are working closely with the franchisee as they investigate the matter.  Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide. “

The statement concluded that they would continue to monitor the situation and keep their customers informed.

This is the last in a long string of similar breaches at major consumer businesses. The common thread throughout many of the breaches (Target, Neiman Marcus, Michaels) seems to be malicious tampering of the stores’ POS systems. In most of these instances, malware was installed to scrape and steal unencrypted data off of customers’ credit cards. The spate of major, expensive breaches have prompted businesses of any size to take a second look at the security of their devices. The incidents have also created a push for better security of credit and debit cards, including an upgrade to the smart-chip models already popular in Europe and Japan.

Read more about the incident here

The following two tabs change content below.
Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.

Latest posts by Sarah Vonnegut (see all)

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.