White Lodging Services Corporation (WLSC), an independent company which manages more than 160 hotels in 21 states of America, has confirmed a second data breach on its credit card systems at 10 locations.
In a press release issued on April 8, the WLSC said that the suspected breach of point-of-sale systems at food and beverage outlets, such as restaurants and lounges, from July 3, 2014 to February 6, 2015 at 10 hotels.
While it is believed that some of the breached locations were the last year’s breached locations only, the Indiana-based company clarified that the second was a separate breach.
According to KrebsOnSecurity news report published on April 15, in February 2015 it reported for the second time within a year that multiple financial institutions were complaining about the fraud on customer’s credit and debit cards that were all recently used at a string of hotel properties run by the WLSC.
However, the company said it had no evidence of a new breach at that time, but last week only, it confirmed the suspected breach of point-of-sale systems at 10 locations.
Banking sources back in February 2015 said that the credit cards compromised in this most recent incident looked like they were stolen from many of the same WLSC locations implicated in the 2014 breach, including hotels in Austin, Texas, Bedford Park, Ill., Denver, Indianapolis, and Louisville, Kentucky.
“After suffering a malware incident in 2014, we took various actions to prevent a recurrence, including engaging a third party security firm to provide security and managed services,” said (in the press release) Dave Sibley, Chief Executive Officer (CEO) of the WLSC.
“However, these security measures failed to stop the malware occurrence on point-of-sale systems at those 10 hotels. We will continue our investigation as it is necessary to protect the personal information entrusted to us by our valuable guests. We deeply regret and apologize for this situation,” he added.
According the WLSC, the stolen data includes names printed on customers’ credit or debit cards, credit or debit card numbers, and the security code and card expiration dates.
The company is offering a year’s worth of credit protection services for customers impacted by the breach, from Experian.