Customers of more than a dozen hotels across the United States may have had their credit card information compromised in the latest security breach to unravel in recent weeks.
Independent hotel management company White Lodging announced Feb. 3 that it suspects a breach occurred over a nine-month period, from March 20 to Dec. 16, 2013, in restaurants and lounges at 14 of its properties including hotels it runs under the Marriott, Holiday Inn and Westin brands.
The compromised data may have included names, card numbers, security codes and expiration dates. White Lodging urges guests who used or visited the affected hotels during the suspected breach to review their card statements. Customers who suspect unauthorized activity should report it to the issuer of the credit or debit card.
Visa, MasterCard, American Express and Discover offer their credit card holders zero liability for unauthorized charges as long as the charges are reported to them in a timely manner.
Guests should also consider placing a fraud alert on their credit files, White Lodging suggests.
The company will offer one year of complimentary personal identity protection services to all affected cardholders. It said in a news release that it's working with law enforcement and is reviewing charges at all of the properties it manages.
The hotels affected by the White Lodging breach are:
- Marriott Midway, Chicago
- Holiday Inn Midway, Chicago
- Holiday Inn Austin Northwest, Austin
- Sheraton Erie Bayfront, Erie, Pa.
- Westin Austin at the Domain, Austin
- Marriott Boulder, Boulder
- Marriott Denver South, Denver
- Marriott Austin South, Austin
- Marriott Indianapolis Downtown, Indianapolis
- Marriott Richmond Downtown, Richmond, Va.
- Marriott Louisville Downtown, Louisville, Ky.
- Renaissance Plantation, Plantation, Fla.
- Renaissance Broomfield Flatiron, Broomfield, Colo.
- Radisson Star Plaza, Merrillville, Ind.
The hotel incident comes on top of other retailers experiencing data breaches, including Target — where up to 110 million of its customers may have had their credit, debit and other personal information stolen over a three-week period late last year.