White Lodging investigates suspected nine-month-long POS attack

Share this article:

White Lodging Services Corporation is investigating a suspected breach of its point-of-sale (POS) systems, the Indiana-based hotel management company announced on Monday, a few days after technology journalist Brian Krebs broke the story.

The breach would impact anyone who used a payment card at food and beverage outlets in one of 14 of the company's properties, according to a release emailed to SCMagazine.com by Kathleen Quilligan, director of communications with White Lodging.

“The unlawfully accessed data may have included names printed on customers' credit or debit cards, credit or debit card numbers, the security code and card expiration dates,” according to the release, which explains that guests who made purchases to their room accounts have not been affected.

The POS compromise took place between March 20, 2013, and Dec. 16, 2013, according to the release, and impacted people who visited Marriott, Holiday Inn, Sheraton, Westin, Renaissance and Radisson hotels in Illinois, Texas, Pennsylvania, Colorado, Indiana, Virginia, Kentucky and Florida.

The property management system, which manages card information for hotel guests and is used at the front desk of the Radisson Star Plaza location in Merrillville, IN, may also have been impacted, according to the release.

“Upon learning of the suspected data security breach, we immediately contacted appropriate federal law enforcement officials and initiated a third-party forensic review, including a review of all other properties managed by White Lodging,” according to the release. “We continue to work with investigators and the credit card companies.”

White Lodging will be offering a free year of identity theft protection services to all affected individuals, but details of that program will be made available along with new information as the hotel management company continues its investigation.

A number of companies, particularly retailers such as Target and Neiman Marcus, have come out in recent months and announced POS system compromises. In the majority of instances, the affected entities said that malware was introduced into the POS systems, allowing attackers to steal card data, among other information, on millions of customers.

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.