Mandarin Oriental luxury hotels hit by credit card security breach
Thu 5 Mar 2015
Mandarin Oriental, the multinational luxury hotel group has today confirmed that a number of its hotels have been targeted in a cybersecurity breach with hackers stealing guests’ credit card information.
The upscale hotel chain did not reveal which locations had been affected, or when the cyberattack took place, but admitted that it had been uncovered as a common factor in a wave of fraudulent charges in its guests’ credit card accounts.
A statement given to the KrebsOnSecurity blog read: “We can confirm that Mandarin Oriental has been alerted to a potential credit card breach and is currently conducting a thorough investigation to identify and resolve the issue […] Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected.”
It is thought that nearly all of the Mandarin Oriental’s 24 global locations were subject to the cyberattack, including each of its US hotels in New York, Washington, D.C., Florida, Miami, Boston and Las Vegas – all confirmed as targets. According to a number of sources the hack most likely started in December 2014.
It may well be however that the data has been taken from fraudulent payment devices at the hotels’ restaurants and other outlets, rather than from the main front desk system. This happened to be the case for White Lodging Services, whose guests had been targeted through breached payment terminals at restaurants and gift shops within its hotels.
The stolen information has reportedly been placed on worldwide black markets and is expected to be fetching high prices considering the hotel’s class of clientele, with average room prices in New York going for $850 a night (approx. £560).
