Another Massive Data Breach Strikes Hotel Chains

How many major data breaches have you heard about in the past two months — five, maybe? Add another one to the list: White Lodging — an Indiana-based company that owns, develops and manages Hilton, Marriott, Westin and Sheraton hotels across the country — experienced a data breach that compromised thousands of guests’ credit and debit card information.

Security blogger Brian Krebs reported the breach Jan. 31, saying the stolen data dates between about March 23, 2013 through nearly the end of the year. White Lodging emailed Krebs, explaining the matter was under investigation but provided no other details about the breach. A pattern of fraud emerged from specific Marriott locations across the country, all of which were linked to White Lodging, which owns 68 hotels in 21 states, with more than 30 restaurants.

Restaurants, gift shops and other payment processing within the hotels bore the brunt of the breach, according to Krebs’ sources. The computers that handle guests’ check-in and check-out transactions at Marriott locations use Marriott’s property management system and were therefore not compromised by the attack. Some of the hotels were located in Austin, Texas; Chicago; Denver; Los Angeles; Louisville, Ky. and Tampa, Fla.

“The hospitality industry has never been famous for having great security,” says Adam Levin, chairman and co-founder of Credit.com and Identity Theft 911. “None of this matters in the sense that everything you should have been doing you need to continue to do, regardless of the breach, because the breach is inevitable.”

Basically, you need to watch your bank accounts and credit reports like you would watch a child holding a sharp object. The situation is too risky to neglect.

Get everything you need to master your credit today.

Get started for free

Given the frequency of the attacks, Levin says he has seen consumers get increasingly worried about attacks, but their security measures need to match their level of concern. Checking accounts daily, pulling your credit reports, checking your credit scores for sudden changes, shredding junk mail — it’s all part of a consumer’s responsibility to look out for themselves, he said.

“It’s like every day is a further confirmation that the ultimate guardian of the consumer is the consumer,” Levin says.

Levin was recently quoted in a New York Times story on how consumers are turning to cash out of fear of security breaches, but it’s not a realistic long-term alternative, he says. People will continue to use credit and debit cards, and breaches will continue to grow in complexity.

“In terms of the breach and in terms of the ramifications, you ain’t seen nothing yet, and that’s what’s scary,” he says. “There’s nothing you can do but monitor, monitor, monitor, and have a damage control plan.”

Damage control involves knowing the details of your financial life. Would you notice if your credit score dropped suddenly? It might be a sign of identity theft, but if you’re not checking your scores regularly (which you can do for free using a tool like Credit.com’s Credit Report Card), you won’t know if there’s been a major change. It may not seem fair that the burden of protection has shifted to the consumer, Levin said, but it’s the reality, and you need to know about contacting your banks and credit reporting agencies when your information has been compromised in a data breach.