Merrillville, Ind.-based hotel management company White LodgingServices Corporation revealed a malware attack took place againstPOS systems at 10 of the hotels it manages, potentially exposingpayment card data for an undisclosed number of customers.

The suspected breach of POS systems at food and beverage outlets, such asrestaurants and lounges, occurred from July 3, 2014 through Feb. 6,2015 at 10 properties, according to officials from White LodgingServices Corporation. The disclosure comes about a year after thecompany confirmed a similar malware-related breach.

According to an eSecurity Planet report, several financialinstitutions uncovered the fraud on credit and debit cards run atMarriott hotels on Jan. 27, 2015. Upon learning of the suspecteddata security breach, company officials said they immediatelycontacted appropriate federal law enforcement officials andinitiated a third-party forensic review. The company continues towork with investigators and the credit card companies.

“We quickly engaged a third-party forensic services provider toconduct an investigation. We also notified the U.S. SecretService,” the hotel company said. “The preliminary results of theinvestigation revealed malicious software and remnants of suchsoftware on a number of the point-of-sale terminals used at foodand beverage outlets at the hotels. Because this malicious softwarewas detected, the credit/debit card data entered on these deviceswas at risk of theft.”

The food and beverage outlets affected are located atIndianapolis Marriott Downtown, Chicago Marriott Midway Airport,Auburn Hills Marriott Pontiac at Centerpoint, Pontiac, Mich.;Austin (Texas) Marriott South Airport; Boulder (Colorado) Marriott;Denver Marriott South at Park Meadows; Louisville (Kentucky)Marriott Downtown; Renaissance Boulder Flatiron, Broomfield, Colo.;Courtyard Austin (Texas) Downtown and Sheraton Hotel Erie Bayfront,Erie, Penn.

“After suffering a malware incident in 2014, we took variousactions to prevent a recurrence, including engaging a third partysecurity firm to provide security technology and managed services,”Dave Sibley, president/CEO for White Lodging HospitalityManagement, said. “These security measures were unable to stop thecurrent malware occurrence on point of sale systems at food andbeverage outlets in 10 hotels that we manage. We continue to remaincommitted to investing in the measures necessary to protect thepersonal information entrusted to us by our valuable guests. Wedeeply regret and apologize for this situation.”

The illegally accessed data at risk appears limited to namesprinted on customers' credit or debit cards, credit or debit cardnumbers, the security code and card expiration dates. Unaffected bythe breach are guests who did not use their credit card at theseoutlets, or charged to their room accounts.

White Lodging manages hotels under agreements with the hotelowners and is a distinct and separate entity from the specifichotel brands involved, including Marriott and Starwood.

Guests who used or visited the affected food and beverageoutlets during the seven-month period and who used a credit ordebit card to pay their bills at the outlets might have had suchinformation compromised and are encouraged to review theirstatements from that time period.

The Identity Theft Resource Center, reports that as of April 8,there have been 225 breaches in 2015 with 101,957,626 recordsexposed. Only 0.4% affected the Banking/Credit/Financial category,as opposed to 97.5% for the Medical/Healthcare category.