White Lodging Services confirms second payment card breach

Security measures put in place after a first breach last year failed to stop hackers from striking again

A large hotel management company has confirmed a second payment card breach in less than 14 months, underscoring the difficulties businesses are having with data thieves.

White Lodging Services said the second breach was detected on Jan. 27 after unusual payment card activity was discovered on credit cards used at four Marriott-branded hotels. The compromised data includes customer names, card numbers, security codes and expiration dates, it said in a statement.

The Merrillville, Indiana-based company manages hotels under agreements with hotels owners and is a separate entity from the specific hotel brands it operates.

In February 2014, White Lodging said point-of-sale systems at restaurants and lounges on 14 of its properties were compromised between March 20, 2013 and Dec. 16, 2013. The same systems were targeted this time around, although the company said the latest breach was not related to the previous one.

Those affected are customers who used their cards at food and beverage outlets between July 2, 2014, and Feb. 6, 2015, in 10 hotels, which were eight Marriotts, one Courtyard and one Renaissance.

The property management system used to process room charges at front desks do not appear to be affected, White Lodging said.

White Lodging is just one of many business, including Target, Neiman Marcus and Home Depot, which have been struck by point-of-sale malware. The malware collects payment card data immediately after a card is swiped and the details sit unencrypted in a computer's RAM.

White Lodging's problems appear to be a combination of bad luck and very persistent hackers. After its first data breach, White Lodging said it hired a third-party security firm, which it did not identity, to help shore up its systems.

"Unfortunately, the security measures put in place did not stop the implantation of malware on point-of-sale systems at food and beverage outlets in select hotels we manage," it said.

Law enforcement has been notified, and no arrests have been made, White Lodging said. The company didn't say if it suspected the same hacker or group of hackers was behind the latest attack.

Arrests and prosecutions of suspects related to point-of-sale attacks have been rare, as many times the hackers are believed to be outside the U.S.

While law enforcement agencies in different countries are cooperating with more efficiency these days, cross-border cybercrime investigations can still be slow and complicated.

Extraditing suspects is also not possible from some countries. For example, the U.S. does not have extradition treaties with China or Russia, two nations often accused of hosting cybercriminal activity.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareWhite Lodging Services

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?