Hotel management co. latest to have POS system hacked

Hotel management firm White Lodging Services Corp. joins the ranks of the data breached this week with an announcement its point-of-sale systems were hacked.

In a statement sent to Advisen, Merrillville, Ind.-based White Lodging said the hackers accessed POS terminals in restaurants and lounges at 14 locations from Denver to Erie, Pa. from March 20 to December 16, 2013.
The front desk at a Radisson Star Plaza hotel in White Lodging’s hometown was additionally affected by the breach, said the manager of hotels such as Marriott, Holiday Inn, Westin and Sheraton.

Hackers may have gotten a hold of customers’ credit and debit card information including names, card numbers, security codes and expiration dates.

Also Read: Could recent data breach wave cause market turning point?

“Upon learning of the suspected data security breach, we immediately contacted appropriate federal law enforcement officials and initiated a third-party forensic review, including a review of all other properties managed by White Lodging,” the company said. “We continue to work with investigators and the credit card companies.”

Seven of the impacted locations were Marriott hotels in Chicago, Denver, Boulder, Colo., Austin, Indianapolis, Richmond, Va., and Louisville.

In a separate statement, Marriott International said it was aware of the problem and was working closely with White Lodging but had nothing else to say because “the suspected breach did not impact any systems that Marriott owns or controls.”

Holiday Inn hotels in Chicago and Austin were also among White-Lodging managed locations affected by the data breach. Other locations include a Sheraton in Erie, Pa., a Westin in Austin and two Renaissance hotels in Plantation, Fla. and Broomfield, Colo.
Like other companies in recent weeks to announce POS data breaches, White Lodging is offering a year of personal identification protection service to all affected customers but the company also encourages guests to place fraud alerts on credit files.

Since the middle of December 2013 retailers Target, Neiman Marcus and Michaels have said their POS terminals were compromised. Target has told multiple news outlets the POS intrusion can be linked to stolen network credentials from a third-party vendor.

It is not known whether the breach at White Lodging is related to the other recent breaches. Reports have indicated the hackings of Target and Neiman Marcus are related and that more companies will be revealed as victims of the cybercriminals.

As with the other breaches, cyber security expert Brian Krebs broke the White Lodging story on his blog after being told by banking-industry sources that they were seeing fraud on hundreds of cards used at Marriott hotels. Krebs was also first to post information on the Target, Neiman Marcus and Michaels breaches.

On Feb. 5 Krebs reported hackers broke into Target’s systems in November with stolen credentials from Fazio Mechanical Services—a full-service mechanical contracting company specializing in supermarket refrigeration systems.
Third-party breaches were also blamed information thefts at Yahoo and Easton-Bell Sports last month.
Yahoo said a list of usernames and passwords used to carry out an attack to gain unauthorized access to accounts was likely collected from a third-party database compromise. “Security attacks are unfortunately becoming a more regular occurrence,” Yahoo said in its online statement.

Easton-Bell Sports’ servers were accessed maliciously at the start of last December and may have affected online purchasers, the company said. Easton-Bell, which includes the brands Easton, Bell, Riddell and Giro, said it immediately shut down the affected servers and was “working with our vendor on additional measures that can be taken to prevent such incidents in the future.”