White Lodging Services, a large hotel management company, has confirmed a second payment card breach in less than 14 months.

Unusual payment card activity was discovered on Jan. 27 on credit cards used at four Marriott-branded hotels. Customer names, card numbers, security codes and expiration dates were compromised.

Those affected are customers who used their cards at food and beverage outlets between July 2, 2014, and Feb. 6, 2015, in 10 hotels, which were eight Marriotts, one Courtyard and one Renaissance.

The point-of-sale malware collects payment card data immediately after a card is swiped and the details sit unencrypted in a computer’s RAM.

After its first data breach, which occurred between March 20, 2013 and Dec. 16, 2013, the company hired a third-party security firm, which it did not identity, to help shore up its systems.

“Unfortunately, the security measures put in place did not stop the implantation of malware on point-of-sale systems at food and beverage outlets in select hotels we manage,” it said.

The company did not say whether it was the same hackers that carried out the first theft.

Many times the hackers are believed to be outside the U.S. Extraditing suspects is also not possible from some countries. For example, the U.S. does not have extradition treaties with China or Russia, two nations often accused of hosting cybercriminal activity.

Source: PCWorld