NEW YORK (REUTERS) - A credit card data breach has been detected that exposed guests at certain Marriott, Holiday Inn, Sheraton and other hotel properties to theft, according to hotel management firm White Lodging Services.
The breach occurred at food and beverage outlets at 14 hotels, including some operated under the Westin, Renaissance and Radisson names, between March 20 and Dec 16 last year, White Lodging said in a statement.
The company said information subject to potential theft by cyber criminals included names and numbers on consumers' debit or credit cards, security codes and card expiration dates.
Customers who used their cards at the affected outlets should review all statements from the time in question and consider placing fraud alerts on their credit files, White Lodging said.
White Lodging would not estimate how many card numbers might have been taken. Krebs on Security, the cybersecurity blog that first reported the breach on Friday, said thousands of accounts had been compromised.
The latest data breach comes after the FBI warned retailers last month to prepare for more cyber attacks after discovering about 20 hacking cases in the past year involving the same kind of malicious software used against Target over the holiday shopping season. The incident involving Target, the No. 3 US retailer, was one of the biggest retail cyber attacks in history.
In a confidential, three-page report to retail companies the FBI described the risks posed by "memory-parsing" malware that infects point-of-sale systems, which include cash registers and credit-card swiping machines in checkout aisles.
Restaurants and lounges affected by the White Lodging breach were at hotels in Chicago; Austin, Texas; Richmond, Virginia; Plantation, Florida; Denver, Boulder and Broomfield, Colorado; Louisville, Kentucky; Erie, Pennsylvania; and Indianapolis and Merrillville, Indiana.
White Lodging, which manages 169 hotels that include brands of Marriott International, Starwood Hotels and Resorts and InterContinental Hotels Group, said it planned to offer affected consumers one year of identity protection services.