This news comes after independent security researcher Brian Krebs reported that the breach includes credit and debit card information on thousands of guests at US Marriott hotels since March 23, 2013.
“Earlier this month, multiple sources in the banking industry began sharing data indicating that they were seeing a pattern of fraud on hundreds of cards that were all previously used at Marriott hotels from roughly March 23, 2013 on through the end of last year,” wrote Krebs on his website. “But those same sources said they were puzzled by the pattern of fraud, because it was seen only at specific Marriott hotels, including locations in Austin, Chicago Denver, Los Angeles, Louisville and Tampa.
“Turns out, the common thread among all of those Marriott locations is that they are managed by White Lodging.” White Lodging's website details that the firm is a “fully-integrated owner, developer and manager of premium brand hotels” which manages 168 hotels under various brands in 21 US states.
In response, the company said in a statement: "An investigation is in progress, and we will provide meaningful information as soon as it becomes available.” Partnering hotel Marriott added that it was “working closely with the franchise management company as they investigate the matter”.
Sources told Krebs that the breach “appears to have affected mainly restaurants, gift shops and other establishments within hotels managed by White Lodging – not the property management systems that run the hotel front desk computers which handle guests checking in and out.”
Experienced infosec analyst Phil Cracknell, now head of security and privacy services at Company 85, told SCMagazineUK.com that large corporations – and their partners – must ensure security is high on their ‘to-do' agenda.
“It is essential that large corporations with an important brand to protect ensure that their third party suppliers and partners not only take security as seriously as they do, but that they are auditable and assurances can be gained for businesses such as Sheraton, Marriot and Hilton because consumers could so easily lose trust in a brand.”
White Lodging is the latest in a long line of big US firms to have suffered from major data breaches in recent months. Target Corporation lost 110 million customer records (including 40 million credit and debit card details), while US retailers Michaels and Neiman Marcus have also been targeted.