Hotel management company, White Lodging Services Corp recently confirmed that between July 3, 2014 and February 6, 2015 hackers breached the point-of-sale (POS) systems for the food and beverage outlets connected to 10 hotel locations.
This is not the first POS breach that has affected White Lodging. In 2014 the firm suffered a malware incident at the food and beverage outlets of 14 hotels. Interestingly, White Lodging admits that the restaurants and lounges affected in this breach belong to the same locations breached last year, but are still emphasizing that the two are separate incidences.
"After suffering a malware incident in 2014, we took various actions to prevent a recurrence, including engaging a third party security firm to provide security technology and managed services," wrote Dave Sibley, White Lodging president and CEO, Hospitality Management. "These security measures were unable to stop the current malware occurrence on point of sale systems at food and beverage outlets in 10 hotels that we manage."
Inside sources, including security news and investigation website KrebsOnSecurity and bank investigators, were reporting evidence of the breach as early as February 15, 2015, but the hotel franchise firm denied any problems until very recently.
Information considered at risk in this breach includes names printed on customers' credit or debit cards, credit or debit card numbers, the security codes and expiration dates. White Lodging states that only cards used in hotel restaurants and lounges for food and beverage service are affected, not room charges or front desk transactions.
Companies using point of sale software should consult with a PCI company about upgrading credit card processing software to better protect their customers.