White Lodging, the company behind a number of of the hotels in the US chains Hilton, Marriott, Sheraton and Westin, has been leaking thousands of guests’ credit and debit card information throughout much of 2013.
safety journalist Brian Krebs reports hearing from banking business sources in January regarding a pattern of fraud on cards used at the hotels from about 23 March 2013 up until the end of 2013.
The fraud popped up in exact hotels located in the US cities of Austin, in Texas; Chicago, in Illinois; Denver, in Colorado; Los Angeles, in California; Louisville, in Kentucky; and Tampa, in Florida.
The common denominator, it turns out, is that all of the affected hotels in those locations contain businesses run by White Lodging Services Corporation, which owns, develops and/or manages premium hotel brands.
Krebs’s sources said that it was mostly the restaurants, gift shops and other businesses that White Lodging runs within some of the hotels that were targeted, as opposed to the front desk computers that verify guests in and out.
That means that the only Marriott guests who should be affected are those who used their cards at gift shops and restaurants, Krebs notes.
Marriott issued a statement saying that “one of its franchisees has experienced unusual fraud patterns in connection with its systems that process credit card transactions at a number of hotels across a range of brands, including some Marriott-branded hotels.”
Sophos’s Chester Wisniewski and Numaan Huq have been tracking malware behind rigged PoS systems for more than three years and are on the brink of presenting their research at this year’s RSA Conference.
Marriott mentioned fraud “at a number of hotels across a range of brands”, which makes it sound similar to we still might well hear of other hotel brands serviced by White Lodging having been targeted.
So if you’ve been in a hotel, paid for something in a hotel restaurant or gift shop, bought crafting supplies, or fundamentally touched any sliver of plastic in your wallet or purse at all whatsoever to buy so much as a gumball, keep an eye out for funky charges on your report.