Many of the Marriott Hotel locations whose credit processing systems were compromised in 2013 experienced a similar breach in the second half of last year. After several banks and credit institutions investigated incidents of fraud on credit and debit accounts, investigative reporter Brian Krebs followed the payments to the series of hotels, 14 in total. 

The locations in question are run by franchise operator White Lodging Services, and the breach was traced to hacked point of sale systems. The compromises mostly occurred at restaurants and bars at the hotels, between September 2014 and January 2015, according to Jeff Goldman at eSecurity Planet. 

"We recently were made aware of the possibility of unusual credit card transactions at a number of hotels operated by one of our franchise management companies," Marriott spokesman Jeff Flaherty told Krebs. "We understand the franchise company is looking into the matter. Because the suspected issue is related to systems that Marriott does not own or control, we do not have additional information to provide."

The situation is a reminder that franchise operators need to mitigate risk by complying with PCI standards. According to Verizon, less than one-third of retailers remain compliant between audits, leading to breaches. While the investigation is ongoing, representatives from White Lodging said that the business had hired a security firm and have yet to determine the vulnerability that led to the string of compromised credit cards.

The development comes as the corporations's public-facing app was shown to expose user contact information and reservation data. The vulnerability is believed to have existed for four years, and Marriott patched the opening immediately upon discovery. 

Currently, White Lodging is transitioning to tokenization and expects to have the switch completed by the middle of 2015. Contact us today to learn more about secure credit card merchant services that can protect your business from compromise.