A nationwide hotel operator is investigating a suspected data security breach that may have compromised credit card and debit card information of customers who stayed at properties in eight states last year, the company announced Monday.
Merrillville-based White Lodging Services Corp. said in a statement that the suspected breach affected cards used at hotel restaurants and lounges between March 20 and Dec. 16 at 14 properties it manages. The front desk system also was affected at one property, according to White Lodging, which did not say how many customers may have been affected.
"The unlawfully accessed data may have included names printed on customers' credit or debit cards, credit or debit card numbers, the security code and card expiration dates," the company said in a statement released by spokeswoman Kathleen Quilligan.
White Lodging, which owns and manages 168 hotels under various brands in 21 states and is a separate entity from specific hotel brands, said the breach may have affected properties in Indianapolis, Merrillville, Chicago; Austin, Tex.; Richmond, Va.; Erie, Penn.; Louisville; Plantation, Fla.; and Denver, Boulder and Bloomfield, Colo.
White Lodging said it is working with federal law enforcement officials and the credit card companies and has initiated a review of all its properties.
The properties include hotels under various Marriott, Hyatt and Hilton brands and include more than 30 restaurants. The company has nearly $1 billion in annual revenue and nearly 9,000 employees, according to its website.
Marriott International said in a statement that "the suspected breach did not impact any systems that Marriott owns or controls," but it was closely monitoring the situation. A Hyatt statement said none of its five White Lodging hotels were believed to have been affected. Hilton had not released a statement as of Monday afternoon.
The breach involving credit and debit card information is the latest in a wave of cyber break-ins involving millions of customers reported during the past month.
The biggest data raid was on Target Corp., which has said hackers stole about 40 million debit and credit card numbers during the holiday season. Michaels Stores has said it is working with authorities to investigate a possible breach, but hasn't said how many customers might be affected. Neiman Marcus Group Ltd. recently said a security breach last year may have affected about 1.1 million cards.
White Lodging said it is arranging to offer a year of complimentary personal identity protection services to all affected cardholders, who also are encouraged to place a fraud alert on their files. Some financial institutions are increasing their fraud monitoring or have reissued cards, the statement said.
"We deeply regret and apologize for any inconvenience caused by this incident and remain committed to protecting all information entrusted to us by our guests," White Lodging said.
White Lodging identified the properties affected by the breach as:
— Marriott Indianapolis Downtown, Indianapolis
— Radisson Star Plaza, Merrillville (both food-and-beverage and front-desk systems)
— Marriott Midway, Chicago
— Holiday Inn Midway, Chicago
— Marriott Louisville Downtown, Louisville
— Holiday Inn Austin Northwest, Austin, Texas
— Westin Austin at the Domain, Austin
— Marriott Austin South, Austin
— Sheraton Erie Bayfront, Erie, Penn.
— Marriott Boulder, Boulder, Colo.
— Renaissance Broomfield Flatiron, Broomfield, Colo.
— Marriott Denver South, Denver
— Marriott Richmond Downtown, Richmond, Va.
— Renaissance Plantation, Plantation, Fla.