in Consumer Fraud Published on February 17, 2014

Hotels Hit With Nine-Month Long Data Breach

by Simon Clark

Last Updated on June 27, 2017

View Comments

First there was Target. Then, last week, we reported on the 1.1 million Neiman Marcus customers whose information was stolen in a security breach. Now, White Lodging Services Corp has revealed that card data from fifteen hotels spanning eight states has been breached over a nine-month period.

Federal authorities have been notified of the suspected breach, and a review of all managed properties was underway, the company said.

According to the hotel management company, customers’ names, credit or debit card numbers, three-digit security codes and card expiration dates were all breached between March 20 and December 16, 2013, in hotels operated by Marriott, Holiday Inn, Westin, Renaissance and Radisson. As in similar large-scale breaches, the information was stolen at point-of-sale – in this case, food outlets in the hotels.

Customers who checked into rooms at fourteen of the hotels, rather than using cards to purchase food and drink, appear not to have been affected, although the front desk of one hotel, operated by Radisson in Indiana, was also subject to the breach. According to a company press release issued on February 3, 2014, the following hotels’ food and beverage outlets may have been breached:

  • Marriott Midway, Chicago, IL
  • Holiday Inn Midway, Chicago, IL
  • Holiday Inn Austin Northwest, Austin, TX
  • Sheraton Erie Bayfront, Erie, PA
  • Westin Austin at the Domain, Austin, TX
  • Marriott Boulder, Boulder, CO
  • Marriott Denver South, Denver, CO
  • Marriott Austin South, Austin, TX
  • Marriott Indianapolis Downtown, Indianapolis, IN
  • Marriott Richmond Downtown, Richmond, VA
  • Marriott Louisville Downtown, Louisville KY
  • Renaissance Plantation, Plantation, FL
  • Renaissance Broomfield Flatiron, Broomfield, CO
  • Radisson Star Plaza, Merrillville, IN

While White Lodgings has not put a number on the amount of customers involved, cybersecurity firm Krebs on Security suggested that thousands of accounts were likely compromised, Reuters reported. The management company handles 169 hotels nationwide. Federal authorities have been notified of the suspected breach, and a review of all managed properties was underway, the company said.

White Lodgings has now issued the following advice to customers who may be affected:

“Guests should also consider placing a fraud alert on their credit files. An initial fraud alert, which lasts for 90 days, requires potential creditors to use reasonable policies and procedures to verify a customer's identity before issuing credit in the customer. To place an alert, calls can be made to anyone of the following three credit reporting agencies: Experian (888) 397-3742; Equifax (800) 525-6285; or TransUnion (800) 680-7289. A fraud alert request call to any of the three agencies will result in all three agencies implementing the alert. Customers then will receive letters from all three agencies, confirming that the alert is in place and letting customers know how to obtain a free copy of your credit report. Interested parties also can order a free copy of the customer’s credit report by calling (877) 322-8228 or by visiting http://www.annualcreditreport.com.”

Congress has held several hearings in recent weeks aimed at addressing security concerns, and news of further breaches will only add to the sense that current legislation is ineffective and fails to protect consumers. In previous years, bills seeking tighter data protection have languished while failing to find enough cross-party support to move forward – but, perhaps with the recent attention paid to just how secure card transactions really are, the government will be able to move forward and provide the U.S. public with the security they want.

For the fifteen hotels hit by the latest breach, it’s too late – but for countless other businesses, there’s still a huge amount to play for, and a lot of work to do to regain customer trust.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Last Updated on June 27, 2017 — 4:59 AM

Simon Clark

Simon is a freelance writer based out of London. A former full-time writer and blog editor for ClassAction.org, Simon is now focused on writing novels for children.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.