White Lodging Services Corp. on Monday released details about a suspected credit-card security breach, noting that it took place at 14 U.S. hotels between March and December of 2013.
The Indiana-based company also said that the suspected breach was at hotel food-and-beverage outlets at 13 of the properties. At one property, the Radisson Star Plaza in Merrillville, Ind., the suspected breach was related to guest registration and food-and-beverage payments.
The other 13 impacted properties are seven Marriott-branded properties (Chicago Midway; Boulder, Colorado; Denver South; Austin South, Texas; Indianapolis Downtown; Richmond Downtown, Va.; and Louisville Downtown, Ky.), two Holiday Inns (Midway Chicago and Austin Northwest); two Renaissance hotels (Plantation, Fla; and Broomfield Flatiron, Colo.); the Sheraton Erie Bayfront in Erie, Pa.; and the Westin Austin at the Domain in Texas.
“Upon learning of the suspected data security breach, we immediately contacted the appropriate federal law enforcement officials and initiated a third-party forensic review, including a review of all other properties managed by White Lodging,” the company said in a statement Monday afternoon. “Guests who used or visited the affected businesses during the nine-month period and who used a credit or debit card to pay their bills at the outlets might have had such information compromised and are encouraged to review their statements from that time period.”
White Lodging “has experienced unusual fraud patterns in connection with its systems that process credit card transactions at a number of hotels across a range of brands,” Marriott said in a statement Saturday. “The suspected breach did not impact any systems that Marriott owns or controls.”
Radisson parent Carlson Rezidor in a statement said, "Radisson deeply values the privacy of the personal information of our guests. The brand is working closely with White Lodging ... as they investigate the breach."
Holiday Inn parent IHG said, "IHG is in communication with White Lodging, who continues to provide updates on the investigation to their business partners, as well as to consumers via their website."
Starwood referred questions to the updated White Lodging statement.
The breach was reported Friday on a blog written by computer-security analyst Brian Krebs, who cited “multiple sources in the banking industry.”
The breach may have revealed information on credit and debit cards of “thousands of guests that had stayed at Marriott, Starwood Hotels & Resorts and Hilton Worldwide properties last year,” Krebs wrote on his KrebsonSecurity blog. No Hilton properties were listed by White Lodging on Monday afternoon.
Follow Danny King on Twitter @dktravelweekly.
This report was updated Tuesday with responses from Carlson Rezidor and IHG.