Mandarin Oriental Admits Credit Card Data Breach

Mandarin Oriental has revealed that credit card systems in some of its hotels in Europe and the US have been breached in a malware attack.

The hotel group says it has identified and removed the malware and is coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to keep its systems and hotel guests protected. With incidents of this nature increasingly becoming an industry-wide concern, the hotel chain’s IT team has also alerted its technology peers in the hospitality industry.

Protecting customers

A statement from the Mandarin Oriental read: “We take the protection of customer information very seriously. Unfortunately incidents of this nature are increasingly becoming an industry-wide concern and we have therefore also alerted our technology peers in the hospitality industry.”

Mandarin Oriental added that it moved swiftly to address this issue by working with forensic experts and has removed the offending malware. While the Group claims to have leading data security systems in place, this malware was undetectable by all anti-viral systems, the company said.

“Guests can be confident that security protocols are being thoroughly tested at all hotels to protect guest information and prevent a recurrence of such an attack,” the company said. “While we have executed additional security protocols, we do not wish to disclose specific details of our security measures.”

Mandarin Oriental has not revealed exactly which of its 24 hotels have been targeted, confirming only that “an isolated number of hotels in the US and Europe have been affected, and none in Asia.” The company’s forensic investigation is still underway and specific hotels are unlikely to be named until the study is complete.

However, Forbes Travel Guide quoted as source who said all of Mandarin Oriental’s US locations, including New York, Las Vegas, Washington DC and Boston, have been affected, with the attack beginning in December 2014.

The hotel group has put additional security measures in place at all hotels and says it is working to ensure everything possible is being done to protect our guests’ personal information.

If any Mandarin Oriental customers suspect any unauthorised activity on their bank cards, it is recommended that they contact their credit card provider directly.

How much do you know about hacking and viruses? Take our quiz to find out!

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

View Comments

  • Unfortunately, they have just learned the hard way that compliance does not equal security. This is a lesson provided by their counterparts at other companies that have been previously hacked. It’s important for all organizations that collect credit card and other sensitive data to not only follow PCI and privacy guidelines, but go beyond them, as they are just a baseline or minimum of acceptable security.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago