The Mandarin Oriental luxury hotel chain is investigating a data breach that affects credit cards used in an “isolated number” of its hotels in the United States and Europe.
Company officials said that the attack involved “undetectable” malware on some of its systems and emphasized that only credit card data, and no other personal information, was compromised. Mandarin Oriental operates a string of high-end hotels around the world in cities such as Boston, Miami, London, Barcelona and Paris. The company said that is still investigating the incident but that it has removed the unnamed malware from its systems.
“Mandarin Oriental can confirm that the credit card systems in an isolated number of our hotels in the US and Europe have been accessed without authorization and in violation of both civil and criminal law. The Group has identified and removed the malware and is coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to fully protect our guests and our systems across our portfolio,” the company said in a statement.
“We take the protection of customer information very seriously. Unfortunately incidents of this nature are increasingly becoming an industry-wide concern and we have therefore also alerted our technology peers in the hospitality industry.”
The company is not identifying which hotels were involved in the breach, only saying that the affected properties are in the U.S. and Europe and that none of the hotels in Asia were hit. It’s also unclear where the malware was, whether it was on point-of-sale systems or the hotel’s internal network. The company said that it has brought in outside security experts to help investigate the attack.
“Mandarin Oriental moved swiftly to address this issue by working with forensic experts and has removed the offending malware. While the Group has leading data security systems in place, this malware is undetectable by all anti-viral systems. Guests can be confident that security protocols are being thoroughly tested at all hotels to protect guest information and prevent a recurrence of such an attack,” the statement said.
“While we have executed additional security protocols, we do not wish to disclose specific details of our security measures.”
Mandarin Oriental officials did not disclose how many customers are potentially affected by the breach.
Image from Flickr photos of Dickson Phua.