Breach Notification , Card Not Present Fraud , Incident & Breach Response

Hotel Company Reveals Second Breach

POS Malware Potentially Exposed Card Data
Hotel Company Reveals Second Breach

White Lodging Services Corp. has revealed a malware attack against point-of-sale systems at 10 of the hotels it manages, potentially exposing payment card data for an undisclosed number of customers. The disclosure comes about a year after the company confirmed a similar malware-related breach.

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

The Merrillville, Ind.-based company says POS systems in restaurants and lounges at the hotels were affected by the breach from July 3, 2014, through Feb. 6, 2015. The hotels are in Colorado, Illinois, Indiana, Kentucky, Michigan, Pennsylvania and Texas. Several of the hotels were also affected by a 2013 breach, according to the company's announcement when that incident was revealed last year.

The "unlawfully accessed data at risk" includes names, payment card numbers, card security codes and expiration dates, the company says. "Guests who used or visited the affected food and beverage outlets during the seven month-period and who used a credit or debit card to pay their bills at the outlets might have had such information compromised and are encouraged to review their statements from that time period."

White Lodging Services is offering one year of free fraud resolution and identity protection services to those affected.

Breach Details

The company says it manages hotels under agreements with the hotel owners and is a separate entity from the specific hotel chains involved, including Marriott and Starwood.

The latest breach was initially discovered on Jan. 27, 2015, when White Lodging Services was notified of some unusual activity on credit cards used at four Marriott hotels it manages, the company says.

"We quickly engaged a third-party forensic services provider to conduct an investigation. We also notified the U.S. Secret Service," the company says. "The preliminary results of the investigation revealed malicious software and remnants of such software on a number of the point-of-sale terminals used at food and beverage outlets at the hotels. Because this malicious software was detected, the credit/debit card data entered on these devices was at risk of theft."

Previous Breach

Back in February 2014, the company revealed that 14 of its managed hotels were apparently hit by POS malware. That breach occurred from March 20 to Dec. 16, 2013, White Lodging Services reported. Breached systems in that incident also were primarily at restaurants and lounges.

"After suffering [that] malware incident, we took various actions to prevent a recurrence, including engaging a third-party security firm to provide security technology and managed services," says Dave Sibley, the company's president and CEO, hospitality management. "These security measures were unable to stop the current malware occurrence on point-of-sale systems at food and beverage outlets in 10 hotels that we manage. We continue to remain committed to investing in the measures necessary to protect the personal information entrusted to us by our valuable guests."

Upon learning of the latest malware attack, the company says it immediately contacted federal law enforcement officials and initiated a third-party forensic review. White Lodging Services is continuing to work with investigators and the credit card companies. No arrests in the incident have been made so far, the company adds.

"We are taking steps designed to prevent a reoccurrence based on our current and past experiences," the company says in its statement.

A White Lodge Services spokeswoman declined to provide further details.

A Common Struggle

Security expert David Kennedy, founder of the consulting firm TrustedSec, tells Information Security Media Group that it's common for a company to be struck by breaches more than once.

"Companies really struggle with what to do for security and when they get hacked; other hackers notice the lack of security and do the same thing," he says. "Hackers are also very hard to get out of your network once they are in - it could be the same group, just not fully removed from an organization.

"I would hope that any organization that suffers a breach puts significant controls in place to prevent it from happening again."

POS malware attacks have stolen card data from retailers large and small, ranging from Target, Michaels and Staples to smaller mom-and-pop shops (see Why POS Malware Still Works).

In another recent malware attack targeting hotels, global luxury hotel chain Mandarin Oriental Hotel Group in March confirmed a card compromise connected to breaches of its point-of-sale systems (see Two New POS Breaches Lead to Fraud).

One important step that businesses can take to help prevent POS breaches is implementing strong perimeter security controls, such as unified threat management appliances that have push capabilities for updated signatures, says Michael G. Mathews, president and co-founder of the security consulting firm CynergisTek.

"Now more than ever it is very important to segment the corporate network to isolate assets of differing risk," he adds. "Isolating things such as point-of-sale devices reduces the chances that malware can even make it on to the devices in addition to keeping the devices from being affected by other potential incidents on other segments of the network."

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.