Skip to main content

Report: Hotels company apparently hacked, exposing guests' credit cards

By Joe Sutton and Holly Yan, CNN
February 4, 2014 -- Updated 0004 GMT (0804 HKT)
STORY HIGHLIGHTS
  • Krebs: Banking sources noticed fraud on the cards of hundreds of past Marriott guests
  • Each of those hotels are managed by White Lodging, which maintains hotel franchises
  • White Lodging says an investigation is underway
  • Krebs also exposed the Target data breach that affected up to 110 million customers

(CNN) -- White Lodging -- a company that maintains Hilton, Marriott, Sheraton and Westin hotel franchises -- has apparently suffered a data breach that exposed guests' credit and debit card information in 2013, independent security researcher Brian Krebs said.

Banking industry sources noticed fraud among hundreds of cards that had been previously used at Marriott hotels, wrote Krebs, who first reported that Target had suffered a massive data breach around Black Friday last year.

"But those same sources said they were puzzled by the pattern of fraud, because it was seen only at specific Marriott hotels, including locations in Austin, Chicago, Denver, Los Angeles, Louisville and Tampa," Krebs wrote.

"Turns out, the common thread among all of those Marriott locations is that they are managed" by White Lodging, he said.

White Lodging, based in Merrillville, Indiana, issued a statement Monday saying the breach occurred from March 20 to December 16 and affected only people who used their credit cards in the affected hotels' restaurants and bars. The 14 hotels include Marriott, Radisson, Renaissance, Sheraton, Westin and Holiday Inn franchises around the country.

Marriott said it will continue to monitor the situation.

"We are working closely with the franchise management company as they investigate the matter," spokesman Jeff Flaherty said. "Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide."

White Lodging is just the latest American business to investigate a security breach.

The hacking of Target's systems could be the largest breach in U.S. retail history. It affected up to 110 million customers, including 40 million credit and debit cards and up to 70 million customers' personal information.

CNNMoney: Tips for Target customers

The retailer discovered the breach in mid-December, notified customers several days later, and launched an investigation with the help of a private security firm and law enforcement.

Since Target's disclosure, high-end retailer Neiman Marcus announced more than 1 million customer cards were compromised in a breach last summer.

And last month, crafts retailer Michaels said its systems may have been breached.

It isn't immediately clear if these possible attacks are related. Security experts have warned it is likely other companies were targeted by the hackers who hit Target.

U.S. Attorney General Eric Holder spoke about a federal investigation at a Senate hearing last week.

"We are committed to working to find not only the perpetrators of these sorts of data breaches, but also any individuals and groups who exploit that data via credit card fraud," Holder said.

Store credentials blamed in Target breach

ADVERTISEMENT
ADVERTISEMENT