Travelers who wined and dined at hotels last year should stay alert for fraudulent account charges or signs of identity theft after a hotel management company revealed a data breach at 14 of its properties.
Between March 20 and December 16, 2013, White Lodging Services Corporation point of sales systems were compromised, leaving customers’ payment card information vulnerable to theft and fraudulent use. White Lodging manages food and beverage outlets at hotels, and the breach was limited to hotel restaurant and food services point of sale systems, except in one location.
The property management system that operates the front desk at the Radisson Star Plaza, located in Merrillville, Indiana, was affected. Any guests of the hotel during the nine-month period last year could have had their credit card or debit card information stolen, whether or not they used their card for food or services at the hotel.
Marriott, Sheraton among the hotels affected
The other hotels impacted by the White Lodging breach did not experience a security breach at the front desk point of sales terminals. Only people who used a payment card at a restaurant attached to, or within the hotel itself, need to worry about their information being misused. People who ordered from room service and charged the expense to their room account were not exposed to the breach.
The affected food and beverage outlets are located at these hotels:
• Marriott Midway – Chicago, Illinois
• Holiday Inn Midway – Chicago, Illinois
• Holiday Inn Austin Northwest – Austin, Texas
• Sheraton Erie Bayfront – Erie, Pennsylvania
• Westin Austin at the Domain – Austin, Texas
• Marriott Boulder – Boulder, Colorado
• Marriott Denver South – Denver, Colorado
• Marriott Austin South – Austin, Texas
• Marriott Indianapolis Downtown – Indianapolis, Indiana
• Marriott Richmond Downtown – Richmond, Virginia
• Marriott Louisville Downtown – Louisville Kentucky
• Renaissance Plantation – Plantation, Florida
• Renaissance Broomfield Flatiron – Broomfield, Colorado
The information exposed includes names, credit or debit card numbers, expiration dates and security codes. Anyone who may have been affected should carefully review their payment accounts for unfamiliar charges or other signs of fraud. If reported in a timely fashion, customers are not liable for charges that they did not make to their accounts. Visa, American Express, MasterCard and Discover all have zero-liability fraud policies.
Complimentary identity theft protection
White Lodging said that they contacted federal law enforcement officials as soon as they uncovered the breach and are fully cooperating with investigators and credit card issuers. They are also planning to offer a year of free identity protection services to all cardholders affected.