White Lodging investigates suspected nine-month-long POS attack

Share this article:

White Lodging Services Corporation is investigating a suspected breach of its point-of-sale (POS) systems, the Indiana-based hotel management company announced on Monday, a few days after technology journalist Brian Krebs broke the story.

The breach would impact anyone who used a payment card at food and beverage outlets in one of 14 of the company's properties, according to a release emailed to SCMagazine.com by Kathleen Quilligan, director of communications with White Lodging.

“The unlawfully accessed data may have included names printed on customers' credit or debit cards, credit or debit card numbers, the security code and card expiration dates,” according to the release, which explains that guests who made purchases to their room accounts have not been affected.

The POS compromise took place between March 20, 2013, and Dec. 16, 2013, according to the release, and impacted people who visited Marriott, Holiday Inn, Sheraton, Westin, Renaissance and Radisson hotels in Illinois, Texas, Pennsylvania, Colorado, Indiana, Virginia, Kentucky and Florida.

The property management system, which manages card information for hotel guests and is used at the front desk of the Radisson Star Plaza location in Merrillville, IN, may also have been impacted, according to the release.

“Upon learning of the suspected data security breach, we immediately contacted appropriate federal law enforcement officials and initiated a third-party forensic review, including a review of all other properties managed by White Lodging,” according to the release. “We continue to work with investigators and the credit card companies.”

White Lodging will be offering a free year of identity theft protection services to all affected individuals, but details of that program will be made available along with new information as the hotel management company continues its investigation.

A number of companies, particularly retailers such as Target and Neiman Marcus, have come out in recent months and announced POS system compromises. In the majority of instances, the affected entities said that malware was introduced into the POS systems, allowing attackers to steal card data, among other information, on millions of customers.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.