White Lodging investigates suspected nine-month-long POS attack
White Lodging Services Corporation is investigating a suspected breach of its point-of-sale (POS) systems, the Indiana-based hotel management company announced on Monday, a few days after technology journalist Brian Krebs broke the story.
The breach would impact anyone who used a payment card at food and beverage outlets in one of 14 of the company's properties, according to a release emailed to SCMagazine.com by Kathleen Quilligan, director of communications with White Lodging.
“The unlawfully accessed data may have included names printed on customers' credit or debit cards, credit or debit card numbers, the security code and card expiration dates,” according to the release, which explains that guests who made purchases to their room accounts have not been affected.
The POS compromise took place between March 20, 2013, and Dec. 16, 2013, according to the release, and impacted people who visited Marriott, Holiday Inn, Sheraton, Westin, Renaissance and Radisson hotels in Illinois, Texas, Pennsylvania, Colorado, Indiana, Virginia, Kentucky and Florida.
The property management system, which manages card information for hotel guests and is used at the front desk of the Radisson Star Plaza location in Merrillville, IN, may also have been impacted, according to the release.
“Upon learning of the suspected data security breach, we immediately contacted appropriate federal law enforcement officials and initiated a third-party forensic review, including a review of all other properties managed by White Lodging,” according to the release. “We continue to work with investigators and the credit card companies.”
White Lodging will be offering a free year of identity theft protection services to all affected individuals, but details of that program will be made available along with new information as the hotel management company continues its investigation.
A number of companies, particularly retailers such as Target and Neiman Marcus, have come out in recent months and announced POS system compromises. In the majority of instances, the affected entities said that malware was introduced into the POS systems, allowing attackers to steal card data, among other information, on millions of customers.