White Lodging investigates suspected nine-month-long POS attack

Share this article:

White Lodging Services Corporation is investigating a suspected breach of its point-of-sale (POS) systems, the Indiana-based hotel management company announced on Monday, a few days after technology journalist Brian Krebs broke the story.

The breach would impact anyone who used a payment card at food and beverage outlets in one of 14 of the company's properties, according to a release emailed to SCMagazine.com by Kathleen Quilligan, director of communications with White Lodging.

“The unlawfully accessed data may have included names printed on customers' credit or debit cards, credit or debit card numbers, the security code and card expiration dates,” according to the release, which explains that guests who made purchases to their room accounts have not been affected.

The POS compromise took place between March 20, 2013, and Dec. 16, 2013, according to the release, and impacted people who visited Marriott, Holiday Inn, Sheraton, Westin, Renaissance and Radisson hotels in Illinois, Texas, Pennsylvania, Colorado, Indiana, Virginia, Kentucky and Florida.

The property management system, which manages card information for hotel guests and is used at the front desk of the Radisson Star Plaza location in Merrillville, IN, may also have been impacted, according to the release.

“Upon learning of the suspected data security breach, we immediately contacted appropriate federal law enforcement officials and initiated a third-party forensic review, including a review of all other properties managed by White Lodging,” according to the release. “We continue to work with investigators and the credit card companies.”

White Lodging will be offering a free year of identity theft protection services to all affected individuals, but details of that program will be made available along with new information as the hotel management company continues its investigation.

A number of companies, particularly retailers such as Target and Neiman Marcus, have come out in recent months and announced POS system compromises. In the majority of instances, the affected entities said that malware was introduced into the POS systems, allowing attackers to steal card data, among other information, on millions of customers.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.