Guests at some Marriott, Sheraton, Holiday Inn and other hotel properties had their credit card data exposed in a breach that occurred between March 20 and December 16 last year, according to hotel management firm White Lodging Services Corp.
The breach occurred at food and beverage outlets at 14 hotels, including some that operated under the Westin, Renaissance and Radisson names. Restaurants and lounges affected by the White Lodging breach were at hotels in Chicago; Austin, Texas; Richmond, Va.; Plantation, Fla.; Denver, Boulder and Broomfield, Col.; Louisville, Ky.; Erie, Pa.; and Indianapolis and Merrillville, Ind., the company said.
Information subject to potential theft by cyber criminals included names and numbers on consumers' debit or credit cards, security codes and card expiration dates, the company said. White Lodging would not estimate how many card numbers might have been taken.
White Lodging, which manages 169 hotels that include brands of Marriott International, Starwood Hotels and Resorts and InterContinental Hotels Group, said it planned to offer affected consumers one year of identity protection services. The company, based in Merrillville, Ind., said it notified federal authorities of the suspected breach and had begun a review of other properties it manages.
Customers who used their cards at the affected outlets should review all statements from the time in question and consider placing fraud alerts on their credit files, White Lodging said.
The latest data breach comes after the FBI warned retailers last month to prepare for more cyber attacks after discovering about 20 hacking cases in the past year involving the same kind of malicious software used against Target Corp. over the holiday shopping season. The breach involving Target, the No. 3 U.S. retailer, was one of the biggest retail cyber attacks in history.