Beginning in March 23, 2013 to the end of last year, guests of the Marriott hotel chain have been struck by a large-scale credit-card hacking scheme. Gary Warner, chief technology officer at Malcovery Security, told The Globe and Mail that the security breach targeted restaurants and gift shops in Marriott properties. Warner suggests the fraud was possible because customers in the U.S., unlike in Canada, still use credit cards with built-in chips or PINs that can be easily copied. The fact that the intrusion took place primarily in restaurants and gift shops, but spread throughout multiple states, suggests that the hackers invaded via fraudulent computer code acquired by an employee in a payment processing center.
According to eSecurity Planet, the fraud was disclosed by computer security journalist Brian Krebs, who traced the fraud to an invasion of systems belonging to White Lodging, a hotel chain operator that maintains franchises for Marriott but also Sheraton, Westin, Hyatt and InterContinental. Krebs reported that a pattern of fraud originated in hundreds of cards previously used at specific Marriott hotels managed by White Lodging. White Lodging announced than an investigation is in progress.
"We are working closely with the franchise management company as they investigate the matter," said Jeff Flaherty, spokesman for Marriott, told WDAM. "Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide."
Last year's high profile hacking of Target's credit card systems is potentially the largest breach in U.S. retail history, affecting as many as 110 million customers. After Target disclosed its breach, other retailers announced similar breaches, including Neiman Marcus and Michaels. Security experts have warned of the possibility other companies were targeted by the hackers who hit Target.