White Lodging, a hotel management firm that works under various brands including Hilton, Marriott, Westin, Sheraton and Hyatt, has suffered a data breach that has exposed the credit and debit card details of thousands of customers.
According to security blogger Brian Krebs, the credit card hack revealed details from visitors throughout 2013, with the earliest dating back to March 23rd.
The security breach came to light after banking analysts spotted a pattern of credit card fraud at specific Marriott hotels in Austin, Chicago, Denver, Los Angeles, Louisville and Tampa.
What these locations had in common is that they were all managed by the White Lodging Services Corporation. The Indiana-based company manages 171 hotels across the country.
On Sunday night White Lodging issued a statement, saying only that: “An investigation is in process, and we will provide meaningful information as soon as it becomes available.”
Marriott has also said that it is monitoring the situation. Spokesman Jeff Flaherty said: “We are working closely with the franchise management company as they investigate the matter. Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide.”
According to Krebs, the security leak seems to have affected “restaurants, gift shops and other establishments” within White Lodging hotels, rather than the systems which run reservations and check-in desks.
The attack is the latest in a growing list of financial break-ins to hit American businesses. Last week, the art and crafts retailer Michaels suffered a very similar hack, which was also stopped by credit card fraud analysts, as We Live Security reported here.
Prior to that, Target and Nieman Marcus, the luxury retailer, were affected in large-scale breaches. Neiman Marcus’ breach is thought to have revealed details of more than a million customers’ cards. ESET expert Lisa Myers has some advice if you think your card might have been among those affected by any of these attacks here.
U.S. Attorney General Eric Holder announced at a Senate hearing last week that a federal investigation was ongoing into this spate of attacks.
“We are committed to working to find not only the perpetrators of these sorts of data breaches, but also any individuals and groups who exploit that data via credit card fraud”, he said.