Skip to main content
The Globe and Mail
Support Quality Journalism
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(}function setPanelState(o){dom.root.classList[o?"add":"remove"](,dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); }

Marriott International Inc. is one of the hotel companies looking to expand in Indian markets.

John Lehmann/The Globe and Mail/John Lehmann/The Globe and Mail

A large American hotel management firm that operates franchises for Marriott, Sheraton and Westin has confirmed that guests at 14 of its establishments were the victims of a credit-card hacking scheme.

White Lodging Services Corp. said the security breach affected people who used debit or credit cards at the restaurants or lounges of the following hotels, between March 20 and Dec. 16 of last year:

Marriott Midway, Chicago; Holiday Inn Midway, Chicago; Holiday Inn Austin Northwest, Austin, Tex.,;  Sheraton Erie Bayfront, Erie, Pa.,;  Westin Austin at the Domain, Austin; Marriott Boulder, Boulder, Colo.;  Marriott Denver South, Denver;  Marriott Austin South, Austin; Marriott Indianapolis Downtown, Indianapolis; Marriott Richmond Downtown, Richmond, Va.;  Marriott Louisville Downtown, Louisville. Ky.; Renaissance Plantation, Plantation, Fla.; Renaissance Broomfield Flatiron, Broomfield, Colo.;  Radisson Star Plaza, Merrillville, Ind.

Story continues below advertisement

In addition to the hacking of the points-of-sale systems at food and beverage outlets, White Lodging said the computer network that manages hotel guests' credit card information at the Radisson Star Plaza in Merrillville was also compromised.

(Merrillville, near Chicago, is where White Lodging head offices are located.)

The stolen information included customers' names, credit or debit card numbers, security codes and card expiration dates.

"We deeply regret and apologize for any inconvenience caused by this incident and remain committed to protecting all information entrusted to us by our guests," White Lodging said in a communiqué released Monday afternoon.

The chain said it arranging to offer one year of complimentary personal identity protection services to all affected cardholders.

The problem was first disclosed by computer security journalist Brian Krebs, who reported that sources in the banking industry noticed earlier this month a pattern of card fraud at hotels in Austin, Chicago, Denver, Los Angeles, Louisville and Tampa.

The breach of security took place between March 23, 2013 and the end of last year. Sources told Mr. Krebs that victims used their cards at restaurants and gift shops within hotels managed by White Lodging.

Story continues below advertisement

"One of our franchise management companies has experienced unusual fraud patterns in connection with its systems that process credit card transactions at a number of hotels across a range of brands, including some Marriott-branded hotels. They are in the midst of the investigation and are in close contact with the banks and credit cards companies," Marriott said in a statement.

The fraud was likely made possible because, unlike users in Canada, many customers in the U.S. still have cards that have no built-in chips or PINs and are easily cloned, said Gary Warner, Chief Technology Officer at Malcovery Security.

Historically, hackers introduced malware into hotel computer systems through the online reservations system, Mr. Warner said in an interview.

In this case, however, the fact that the intrusion was limited to restaurants and gift shops but occurred in a number of different states, suggests that the hackers introduced the fraudulent computer code through an e-mail to an employee in a payment processing centre, Mr. Warner said.

A commenter on Mr. Krebs' blog reported that JPMorgan Chase bank cancelled and reissued his corporate credit card last week. The commenter has not made purchases at some of the retail chains recently known to be affected by data breaches but was a frequent traveller and had used his card during hotel stays.

Paul Hartwick, a spokesman for JPMorgan Chase, said the bank had no comment to make "at this time."

Story continues below advertisement

Mr. Warner said the breach could have come to the attention of bank investigators through two possible scenarios: card holders may have reported improper purchases on their monthly statements, or a security firm retained by the bank recovered card numbers from a website where hackers resell stolen data. In either scenario, the bank would have run computer analysis of the fraudulent transactions to retrace the merchant whose point of purchase was breached.

In the past, card issuers would have absorbed the losses, Mr. Warner said. Now, however, "as larger breaches occur, there's more pressure on banks to make sure that they recover the funds," he said.

News of the hotel card fraud problem came in the wake of another major breach that Mr. Krebs had also revealed, when retailing chain Target was hit by a massive hacking of consumer data during the holiday shopping season.

On Friday, a U.S. card-issuing financial institution, First Choice Federal Credit Union, filed a lawsuit against Target Corp., seeking damages for the costs stemming from the security breach.

In Canada, meanwhile, Bell confirmed that hackers had posted on the Internet during the weekend 22,421 user names and five credit card numbers belonging to small business customers.

"Bell is contacting affected small business customers, has disabled all affected passwords, and has informed appropriate credit card companies," the Canadian telecommunications giant said in a statement.

Report an error Editorial code of conduct
Tickers mentioned in this story
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies