White Lodging which manages hotel franchises for major chains such as the Marriott, Hilton and Starwood Hotel syndicates appears to have been the target of yet another payment information breach. Investigators say the breach seems to have started early in March and continued for the rest of 2013. That means countless travelers were exposed for almost 10 months without warning.
The breach was first brought to light by Brian Krebs in his blog, KrebsonSecurity, on Jan. 30. He was also the first to publish information on the Target and Neiman Marcus breaches.
Krebs relies on information by unnamed insiders in the security, retail and banking industries. In his blog he discussed how everything finally was exposed.
“Earlier this month, multiple sources in the banking industry began sharing data indicating that they were seeing a pattern of fraud on hundreds of cards that were all previously used at Marriott hotels from roughly March 23, 2013 on through the end of last year. But those same sources said they were puzzled by the pattern of fraud, because it was seen only at specific Marriott hotels, including locations in Austin, Chicago Denver, Los Angeles, Louisville and Tampa.”
White Lodging Services Corp bills itself as a “fully-integrated owner, developer and manager of premium brand hotels.” Eventually it was apparent that all the fraudulent transactions for the hotels took place at White Lodging locations.
Marriott has issued a statement, noting that “one of its franchisees has experienced unusual fraud patterns in connection with its systems that process credit card transactions at a number of hotels across a range of brands, including some Marriott-branded hotels.” The statement continues:
"Sources say the breach appears to have affected mainly restaurants, gift shops and other establishments within hotels managed by White Lodging — not the property management systems that run the hotel front desk computers which handle guests checking in and out."
It was not known whether the White Lodging invasion by hackers was related to any of the other incidents made public in recent months.