Hotel Breach Update Leads Roundup

White Lodging Says 14 Hotels Affected by POS Compromise
Hotel Breach Update Leads Roundup

In this week's breach roundup, hotel company White Lodging has confirmed that 14 of its properties suspect a breach of their point-of-sale systems. Also, Unity Health Plans Insurance Corp. is reporting that a portable hard drive containing information about tens of thousands of its members is missing from a Wisconsin pharmacy school.

See Also: Webinar | The Future of Adaptive Authentication in Financial Services

Hotel Breach Impacted 14 Locations

In an update of its report about a recent breach, hotel company White Lodging, which manages hotel franchises including Hilton, Sheraton and Marriott, has confirmed that 14 of its properties suspect a breach of their point-of-sale systems (see: Hotel Company Investigating Breach).

The compromise occurred from March 20 to Dec. 16, 2013, according to the hotel management company. Breached systems were primarily at restaurants and lounges at the 14 hotels.

Additionally, one of White Lodging's hotels potentially had its point-of-sale system and property management system used at the front desk impacted.

"Upon learning of the suspected data security breach, we immediately contacted appropriate federal law enforcement officials and initiated a third-party forensic review, including a review of all other properties managed by White Lodging," the company says. "We continue to work with investigators and the credit card companies."

Compromised information at the locations may include names printed on customer credit or debit cards; credit or debit card numbers; security code and card expiration dates.

White Lodging did not immediately respond to requests for further clarification around the number of affected customers.

Health Insurer Reports Missing Drive

Unity Health Plans Insurance Corp. reports that a portable hard drive containing limited information for more than 41,000 of its members is missing from the University of Wisconsin-Madison School of Pharmacy.

The school had the information as part of a benefits program evaluation, according to insurance company.

Information on the hard drive included some protected health information relating to certain prescription drugs. Other information included Unity member number, date of birth, city of residence, name of drug and date of service, if any.

The insurance company mailed a notification letter to affected individuals Jan. 29.

"Both Unity and the University of Wisconsin-Madison School of Pharmacy are undertaking comprehensive reviews of this breach of policy and are instituting information and re-education initiative to ensure that all employees protect member information at all times," Unity said in a statement. "We take our responsibility to protect member information very seriously."

Canadian Telecom Firm Reports Breach

Canadian telecommunications company Bell Canada Enterprises is reporting that more than 22,000 usernames and passwords, along with five valid credit card numbers, of Bell small-business customers were posted on the Internet following the illegal hacking of an Ottawa-based third-party supplier's IT system.

"In line with our strict privacy and security policies, Bell is contacting affected small business customers, has disabled all affected passwords, and has informed appropriate credit card companies," the company said. "We continue to work with the supplier as well as law enforcement and government security officials to investigate the matter."

The company did not immediately respond to a request for more information.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.