Late last week, Merriville, Ind.-based White Lodging Services (www.whitelodging.com
) - a hospitality company that manages 168 hotels under franchises from Hilton, Marriott, Sheraton and Westin in 21 states - learned it had suffered a data breach at some of the Marriott hotels it manages. Data was compromised from March 2013 through the end of the year.
The breach, which was first reported by security blogger Brian Krebs (www.krebsonsecurity.com
), the same person who broke the news of the November-December 2013 Target department stores' data breach, is said to have exposed debit and credit card information on thousands of guests at Marriott properties in locations including Austin, Chicago, Denver, Los Angeles, Louisville and Tampa. As yet, there has been no report of a security breach affecting the company's Hilton, Sheraton or Westin properties. In a statement, White Lodging noted that data was compromised at food and beverage outlets, such as restaurants and lounges, at the following 14 properties:
• Marriott Midway, Chicago
• Holiday Inn Midway, Chicago
• Holiday Inn Austin Northwest, Austin, Texas
• Sheraton Erie Bayfront, Erie, Pa.
• Westin Austin at the Domain, Austin, Texas
• Marriott Boulder, Boulder, Colo.
• Marriott Denver South, Denver
• Marriott Austin South, Austin, Texas
• Marriott Indianapolis Downtown, Indianapolis, Ind.
• Marriott Richmond Downtown, Richmond, Va.
• Marriott Louisville Downtown, Louisville, Ky.
• Renaissance Plantation, Plantation, Fla.
• Renaissance Broomfield Flatiron, Broomfield, Colo.
• Radisson Star Plaza, Merrillville, Ind.
White Lodging added that guests at the hotels who did not use their credit cards at the F&B outlets, and those who charged their purchases to their rooms, were not affected.
A formal statement from Marriott acknowledged a security breach had occurred at "one of our franchise management companies," but said that none of the systems Marriott owns or controls had been compromised. Marriott is working closely with banks and credit card companies to rectify the issue. "Since this impacts customers of Marriott properties, we want to provide assurance that Marriott has a long-standing commitment to protect the privacy of the personal information that our guests entrust to us, and we will continue to monitor the situation closely," read the statement.
Marriott's full statement can be viewed here