Hotel Breach Update Leads RoundupWhite Lodging Says 14 Hotels Affected by POS Compromise
In this week's breach roundup, hotel company White Lodging has confirmed that 14 of its properties suspect a breach of their point-of-sale systems. Also, Unity Health Plans Insurance Corp. is reporting that a portable hard drive containing information about tens of thousands of its members is missing from a Wisconsin pharmacy school.
Hotel Breach Impacted 14 Locations
In an update of its report about a recent breach, hotel company White Lodging, which manages hotel franchises including Hilton, Sheraton and Marriott, has confirmed that 14 of its properties suspect a breach of their point-of-sale systems (see: Hotel Company Investigating Breach).
The compromise occurred from March 20 to Dec. 16, 2013, according to the hotel management company. Breached systems were primarily at restaurants and lounges at the 14 hotels.
Additionally, one of White Lodging's hotels potentially had its point-of-sale system and property management system used at the front desk impacted.
"Upon learning of the suspected data security breach, we immediately contacted appropriate federal law enforcement officials and initiated a third-party forensic review, including a review of all other properties managed by White Lodging," the company says. "We continue to work with investigators and the credit card companies."
Compromised information at the locations may include names printed on customer credit or debit cards; credit or debit card numbers; security code and card expiration dates.
White Lodging did not immediately respond to requests for further clarification around the number of affected customers.
Health Insurer Reports Missing Drive
Unity Health Plans Insurance Corp. reports that a portable hard drive containing limited information for more than 41,000 of its members is missing from the University of Wisconsin-Madison School of Pharmacy.
The school had the information as part of a benefits program evaluation, according to insurance company.
Information on the hard drive included some protected health information relating to certain prescription drugs. Other information included Unity member number, date of birth, city of residence, name of drug and date of service, if any.
The insurance company mailed a notification letter to affected individuals Jan. 29.
"Both Unity and the University of Wisconsin-Madison School of Pharmacy are undertaking comprehensive reviews of this breach of policy and are instituting information and re-education initiative to ensure that all employees protect member information at all times," Unity said in a statement. "We take our responsibility to protect member information very seriously."
Canadian Telecom Firm Reports Breach
Canadian telecommunications company Bell Canada Enterprises is reporting that more than 22,000 usernames and passwords, along with five valid credit card numbers, of Bell small-business customers were posted on the Internet following the illegal hacking of an Ottawa-based third-party supplier's IT system.
"In line with our strict privacy and security policies, Bell is contacting affected small business customers, has disabled all affected passwords, and has informed appropriate credit card companies," the company said. "We continue to work with the supplier as well as law enforcement and government security officials to investigate the matter."
The company did not immediately respond to a request for more information.