February 3rd 2014
Guests at US hotels operated by White Lodging Services – including visitors based in the UK – may have had their payment card data stolen.
According to Brian Krebs, an independent researcher, the data cache appears to have gone astray from computers owned by the company, which operates 168 franchised properties in the US for the Hilton, Marriott, Sheraton and Westin chains.
The company has launched an investigation into how the data has been taken. They told Mr Krebs: "We will provide meaningful information as soon as it becomes available."
According to Mr Krebs, the operator's unwitting involvement in the data breach emerged as banking industry fraud investigators were investigating a sustained pattern of purchases at gift shops, restaurants and other shops at Marriott hotels using fraudulent payment cards. They were not used to pay for rooms. The purchases in question were made only at Marriott properties run by White Lodging in six separate cities, and not the whole chain.
Recent, substantially larger attacks on US retailers have seen millions of customers' payment card details stolen.