Holiday Inn, Marriott Hotels Suspected Targets of Data Breach
The Official Merchant Services Blog has breaking news regarding the ongoing series of credit card data breaches. On the heels of the major hack of discount retailer Target, which stole credit and debit card data from 40 million accounts right smack dab in the middle of the holiday shopping season, there’s yet another target of hacker greed: Holiday Inn. Lodgers at Holiday Inn, Marriott and Renaissance hotels may have had their payment card details compromised for much of 2013, a hotel management company revealed on Monday.
White Lodging Services, a hotel management company, warned in a news release it suspects point-of-sale systems at restaurants and lounges on 14 of its properties were compromised between March 20, 2013 and Dec. 16, 2013. Guests who did not use their card at restaurants and lounges, as well as those who used their room account for purchases from those outlets, were not affected, the press release revealed.
The Merrillville, Indiana-based company said it manages hotels like Holiday Inn under agreement with hotel owners. The company is a separate entity from the specific hotel brands it operates. White Lodging Services said it has contacted federal law enforcement and initiated a forensic review of its properties. It runs more than 169 hotels in 21 U.S. states.
The Full List
The food and beverage outlets affected by the suspected breach were located at the following hotels:
- Marriott Midway, Chicago, IL
- Holiday Inn Midway, Chicago, IL
- Holiday Inn Austin Northwest, Austin, TX
- Sheraton Erie Bayfront, Erie, PA
- Westin Austin at the Domain, Austin, TX
- Marriott Boulder, Boulder, CO
- Marriott Denver South, Denver, CO
- Marriott Austin South, Austin, TX
- Marriott Indianapolis Downtown, Indianapolis, IN
- Marriott Richmond Downtown, Richmond, VA
- Marriott Louisville Downtown, Louisville, KY
- Renaissance Plantation, Plantation, FL
- Renaissance Broomfield Flatiron, Broomfield, CO
- Radisson Star Plaza, Merrillville, IN
White Lodging last week told the New York Times it was investigating a potential security breach, which was covered in a report from security writer Brian Krebs. This is the same Krebs who broke the news on the Target Data Breach as well as the Global Data Breach.
What Was Hacked?
The unlawfully accessed data may have included names printed on customers’ credit or debit cards, credit or debit card numbers, the security code and card expiration dates. Guests who used or visited the affected businesses during the nine-month period and who used a credit or debit card to pay their bills at the outlets might have had such information compromised and are encouraged to review their statements from that time period.
One idea posited on how this happened is RAM scraping. Attackers plant malicious software, known as “RAM scrapers,” on POS devices. The software captures unencrypted card details after a customer has swiped a card, defeating other security measures intended to protect sensitive details. White Lodging said customers’ names as printed on credit or debit cards, the card numbers, the cards’ security code and expiration dates may have been unlawfully accessed.
What’s Next?
Financial institutions have reissued some payment cards and are monitoring other credit and debit cards for unauthorized activity, the company said. White Lodging is also arranging to offer one year of complimentary personal identity protection services to all affected cardholders.
The unfolding disclosures have drawn the attention of the U.S. Congress. The House Energy and Commerce Committee is scheduled on Wednesday to hear from senior executives from Target and Neiman Marcus along with the U.S. Secret Service about how data breaches can be prevented.
Host Merchant Services’ PCI Compliance Initiative
Looking at the threat of a data breach, merchants must wonder what the solution can be. Is there protection available? PCI Compliance is a great foundation for transaction security. The standards and protocols set up by the PCI-DSS Council are the first step a merchant needs to take to protect their data. Host Merchant Services offers a PCI Compliance Initiative that helps its merchants quickly and seamlessly take that step.
Also, one thing to consider if you are a merchant and you are worried about data breaches affecting your bottom line: Host Merchant Services Data Breach Security Program. Click that link to download a PDF explaining the value-added service HMS provides its merchants that goes above and beyond just simple PCI Compliance and helps ensure a merchant’s peace of mind.