Concerns rise as hotel chains disclose data breach

SEATTLE -- The disclosure of consumer data breaches at certain Marriott, Holiday Inn, Sheraton and other major hotels managed by White Lodging Hotels comes as Congress is getting briefed about how cybercriminals are taking advantage of flaws in systems that collect and store sensitive data.

News: White Lodging warns of breach

Senators Al Franken, Dick Durbin, and Diane Fienstein yesterday got an earful from senior executives from Target and Neiman Marcus and a full slate of industry experts.

Sterne Agee analyst Vijay Rakesh says two big takeaways from Tuesday's sessions on Capitol Hill were:

The October 2015 timeline issued by Visa and MasterCard for US merchant to switch from magnetic striped point of sale systems to EMV pin and chip technology could be shorten for many companies.

Target CFO, John Mulligan, said the retail giant has committed to decreasing that timeline internally by 6 months, and plans to have new systems up and running in the first quarter of 2015.

The revelation that hotel chains have been hit adds to concerns lawmakers already hold regarding data breaches recently reported by Target, Neiman Marcus and Michaels. The affected hotels in the White Lodging incident are:

Marriott Midway, Chicago
Holiday Inn Midway, Chicago
Holiday Inn Austin Northwest, Austin
Sheraton Erie Bayfront, Erie, Pa.
Westin Austin at the Domain, Austin
Marriott Boulder, Boulder
Marriott Denver South, Denver
Marriott Austin South, Austin
Marriott Indianapolis Downtown, Indianapolis
Marriott Richmond Downtown, Richmond, Va.
Marriott Louisville Downtown, Louisville, Ky.
Renaissance Plantation, Plantation, Fla.
Renaissance Broomfield Flatiron, Broomfield, Colo.
Radisson Star Plaza, Merrillville, Ind.

Meanwhile, a new research firm, the The CyberEdge Group, this morning issued results of a survey of 750 security decision makers and practitioners , called the Cyberthreat Defense! Report. Key findings paint a picture of a landscape full of ripe targets for hackers:

More than 60 percent of survey takers said they worked for companies that had been breached in 2013

Some 25% cited lack of employer investment in adequate defenses

Steve Piper, CEO of CyberEdge, says the report is intended to complement Verizon's benchmark Data Breach Investigations Report, which annually identifies patterns revealed in hundreds of actual forensics investigations.

"As security professionals, it's not only important to know what threats are coming at us, but what our peers are doing about them," Piper says. "This report provides this level of insight in a purely unbiased way."