In a confidential, three-page report to retail companies the FBI described the risks posed by "memory-parsing" malware that infects point-of-sale (POS) systems, which include cash registers and credit-card swiping machines in checkout aisles.
Restaurants and lounges affected by the White Lodging breach were at hotels in Chicago; Austin, Texas; Richmond, Virginia; Plantation, Florida; Denver, Boulder and Broomfield, Colorado; Louisville, Kentucky; Erie, Pennsylvania; and Indianapolis and Merrillville, Indiana, the company said.
White Lodging, which manages 169 hotels that include brands of Marriott International, Starwood Hotels and Resorts and Inter Continental Hotels Group, said it planned to offer affected consumers one year of identity protection services.
The company, based in Merrillville, Indiana, said it notified federal authorities of the suspected breach and had begun a review of other properties it manages.
(Read more: Up to 1.1M cards compromised: Neiman Marcus)
A spokeswoman for White Lodging declined to comment beyond the company's statement.
Marriott said one of its franchise management companies had "unusual fraud patterns" with payment systems, according to a statement from spokesman Jeff Flaherty. He added that Marriott was working with the company in the probe.
"Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide," Flaherty added.