Mandarin Oriental has revealed that credit card systems in some of its hotels in Europe and the US have been breached in a malware attack.
The hotel group says it has identified and removed the malware and is coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to keep its systems and hotel guests protected. With incidents of this nature increasingly becoming an industry-wide concern, the hotel chain’s IT team has also alerted its technology peers in the hospitality industry.
A statement from the Mandarin Oriental read: “We take the protection of customer information very seriously. Unfortunately incidents of this nature are increasingly becoming an industry-wide concern and we have therefore also alerted our technology peers in the hospitality industry.”
“Guests can be confident that security protocols are being thoroughly tested at all hotels to protect guest information and prevent a recurrence of such an attack,” the company said. “While we have executed additional security protocols, we do not wish to disclose specific details of our security measures.”
Mandarin Oriental has not revealed exactly which of its 24 hotels have been targeted, confirming only that “an isolated number of hotels in the US and Europe have been affected, and none in Asia.” The company’s forensic investigation is still underway and specific hotels are unlikely to be named until the study is complete.
However, Forbes Travel Guide quoted as source who said all of Mandarin Oriental’s US locations, including New York, Las Vegas, Washington DC and Boston, have been affected, with the attack beginning in December 2014.
The hotel group has put additional security measures in place at all hotels and says it is working to ensure everything possible is being done to protect our guests’ personal information.
If any Mandarin Oriental customers suspect any unauthorised activity on their bank cards, it is recommended that they contact their credit card provider directly.
How much do you know about hacking and viruses? Take our quiz to find out!
US Commerce Secretary Gina Raimondo says Huawei's flagship smartphone chip 'years behind' US technology, shows…
Cloud companies, business user groups say Broadcom price changes do not address their concerns, as…
Dating app Grindr sued over claims it shared sensitive user data, including HIV status, with…
Meta Platforms opens operating system behind Quest virtual reality headsets to third parties amidst competition…
European Commission may ban rewards feature in recently launched TikTok Lite that it calls 'toxic…
US House of Representatives passes new bill combining TikTok measures with foreign aid, may face…
View Comments
Unfortunately, they have just learned the hard way that compliance does not equal security. This is a lesson provided by their counterparts at other companies that have been previously hacked. It’s important for all organizations that collect credit card and other sensitive data to not only follow PCI and privacy guidelines, but go beyond them, as they are just a baseline or minimum of acceptable security.