Road Warrior

Hotel data breach went undiscovered for nine months

White Lodging Services, the company that manages hotels in eight states victimized by a customer data breach, said in a statement Thursday it first learned of the nine-month malware attack on Jan. 16, more than two weeks before the news was made public.

A spokesman for one of the hotels told CNBC his organization was not notified by White Lodging until Jan. 31, the same day it was first reported by security researcher Brian Krebs on his Krebs on Security website.

The breach hit 14 hotels, including ones owned by Marriott, Starwood, Intercontinental and Carlson Rezidor or their franchisees.