Hotel management company White Lodging continues its investigation into the data breach that appears to have taken place between March 20 and December 15, 2013 at various locations.
The company has revealed that customers who have made purchases with their payment cards at restaurants and lounges in a total of 14 hotels are impacted.
The list includes the Marriott Midway and the Holiday Inn Midway in Chicago; the Holiday Inn Austin Northwest, the Westin Austin at the Domain and the Marriott Austin South in Austin; the Sheraton Erie Bayfront in Erie (PA); and the Marriott Louisville Downtown in Louisville (KY).
In Colorado, the Marriott Boulder in Boulder, the Marriott Denver South in Denver, and the Renaissance Broomfield Flatiron in Broomfield are impacted.
The list of affected locations is completed by the Marriott Indianapolis Downtown in Indianapolis (IN), the Radisson Star Plaza in Merrillville (IN), the Marriott Richmond Downtown in Richmond (VA), and the Renaissance Plantation in Plantation (FL).
Initially, it was assumed that only the point of sale systems at food and beverage outlets were affected, but at the Radisson Star Plaza, the cybercriminals gained access to property management systems as well.
The information that might have been compromised includes names, credit and debit card numbers, expiration dates and security codes.
“Guests who used or visited the affected businesses during the nine month-period and who used a credit or debit card to pay their bills at the outlets might have had such information compromised and are encouraged to review their statements from that time period,” White Lodging stated.
Cardholders are also advised to consider placing fraud alerts on their credit files, and report any unauthorized activity to the card issuer. The company is preparing to offer free identity protection services for a period of one year to affected customers.