Mandarin Oriental Admits Credit Card Data Breach

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Follow on:

Upscale Mandarin Oriental hotel chain, which boasts 27 properties around the globe, is investigating a malware attack on guests’ financial data

Mandarin Oriental has revealed that credit card systems in some of its hotels in Europe and the US have been breached in a malware attack.

The hotel group says it has identified and removed the malware and is coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to keep its systems and hotel guests protected. With incidents of this nature increasingly becoming an industry-wide concern, the hotel chain’s IT team has also alerted its technology peers in the hospitality industry.

Protecting customers

A statement from the Mandarin Oriental read: “We take the protection of customer information very seriously. Unfortunately incidents of this nature are increasingly becoming an industry-wide concern and we have therefore also alerted our technology peers in the hospitality industry.”

tokyo-exterior-view-night-01Mandarin Oriental added that it moved swiftly to address this issue by working with forensic experts and has removed the offending malware. While the Group claims to have leading data security systems in place, this malware was undetectable by all anti-viral systems, the company said.

“Guests can be confident that security protocols are being thoroughly tested at all hotels to protect guest information and prevent a recurrence of such an attack,” the company said. “While we have executed additional security protocols, we do not wish to disclose specific details of our security measures.”

Mandarin Oriental has not revealed exactly which of its 24 hotels have been targeted, confirming only that “an isolated number of hotels in the US and Europe have been affected, and none in Asia.” The company’s forensic investigation is still underway and specific hotels are unlikely to be named until the study is complete.

However, Forbes Travel Guide quoted as source who said all of Mandarin Oriental’s US locations, including New York, Las Vegas, Washington DC and Boston, have been affected, with the attack beginning in December 2014.

The hotel group has put additional security measures in place at all hotels and says it is working to ensure everything possible is being done to protect our guests’ personal information.

If any Mandarin Oriental customers suspect any unauthorised activity on their bank cards, it is recommended that they contact their credit card provider directly.

How much do you know about hacking and viruses? Take our quiz to find out!