After being hit by POS malware on fourteen of it’s managed hotels in the previous year, White Lodging Services experience yet another data breach against point-of-sale systems on ten more hotels, that potentially exposed payment card data for an undisclosed number of customers. The POS systems in the restaurants and lounges of the hotels were affected from July 3, 2014, through February 6, 2015 in hotels from Colorado, Illinois, Indiana, Kentucky, Michigan, Pennsylvania and Texas.
The latest breach was initially discovered on Jan 27, 2015 when the company was informed of unusual activity on credit cards used at four different Marriott hotels they manage. This particular breach risked names, payment card numbers, card security numbers and expiration dates to those who are unauthorized to access this particular data.
Upon learning of the suspected data breach, company officials immediately notified the U.S. Secret Service, contacted federal law enforcement officials and initiated a third-party forensic review. Through the investigation, they were able to detect malicious software on a number of point-of-sale terminals used at the food and beverage outlets of the hotel. This malicious software puts any credit/debit card data entered onto these devices at risk.
Although White Lodging Services has previously attempted to secure its data and networks, they are again taking this data breach seriously and taking whatever actions needed in order to secure their data and ensure that their customers are safe. Also, White Lodging Services is offering one year of free fraud resolution and identity services to those affected, and are also encouraging anyone to review their statements if they used a debit or credit card in the food and beverage outlets of the hotels.
– Destiny Pacheco
Imagine if Time Warner Cable or DirectTV suffered a data breach that exposed the names, phone numbers, addresses and account number of its customers, you being one of them!
The fourth largest internet-service provider in the U.K., TalkTalk, suffered just this as the involvement of a third party was given complete and legitimate access to customer account details. According to TalkTalk, a small number of customers were at risk, but the number was significant enough for them to investigate and take security precautions in order for this incident to never happen again.
Although not all customers who were at risk suffered a significant loss, some were targeted directly as they were called by the hackers, pretending to be employees of the company, and were asked for their account information. A customer by the name of Graeme Smith noticed a loss of £2,800 in their account once someone claimed to be a member of the TalkTalk fraud team, and tricked him into downloading a software onto his computer, gaining access to his online bank account; also in which his bank refused to compensate for.
For those who have been targeted directly, TalkTalk has been working with them personally in order to protect the customers and be sure that no greater damage is caused. The company has also sent out an email informing customers on their findings of the third party access and a link online for customers to see what steps they need to take in order to be protected. They have also informed them in the email that their employees with never ask for their account information by telephone as insurance, and if you are unsure if you are truly speaking with the company, hang up and call back with the phone number given on it’s website.