Naked Security Naked Security

Mandarin Oriental hotel chain confirms credit card breach

Thieves planted malware on POS systems on some US and European Mandarin Oriental hotels. Guests, restaurant and gift shop customers: check your statements!

Mandarin Oriental, Munich, creative commonsGuests of the glitzy Mandarin Oriental hotel chain have been e-pickpocketed.

Security journalist Brian Krebs broke the news about the credit card breach – which affects an as-yet undetermined number of customers – on Wednesday.

In a statement, Mandarin Oriental confirmed a potential breach and said it’s conducting an investigation.

The statement indicates that the crooks planted malware on point-of-sale systems on some of the hotel group’s US and European hotels:

Mandarin Oriental can confirm that the credit card systems in an isolated number of our hotels in the US and Europe have been accessed without authorization and in violation of both civil and criminal law. The Group has identified and removed the malware and is coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to fully protect our guests and our systems across our portfolio.Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected.

Krebs reports that banking industry sources told him the breach likely involves “most, if not all” Mandarin hotels in the US, including those in Boston, Florida, Las Vegas, Miami, New York, and Washington, D.C.

Those same sources said that the compromise probably began shortly before Christmas 2014.

As Krebs points out, the infected POS systems might not be the ones used by the hotels’ front desks.

Last year, hotel management company White Lodging found that it had been leaking thousands of guests’ credit and debit card details for much of 2013, mostly from the restaurants, gift shops and other businesses run inside the hotels.

At any rate, the thieves have certainly been skimming the cream when it comes to the Mandarin.

It’s not a cheap hotel. For example, according to Forbes Travel Guide, rooms in its five star New York City hotel are priced at around $850 per night for a basic room, and can hit $3664 per night for a premier Central Park-view suite.

Those cards should fetch a pretty penny on the black markets.

If you’ve been in a Mandarin hotel recently, whether it was to stay the night, nosh at a hotel restaurant or buy something at a gift shop, whether it’s something gold-plated or just the daily newspaper, keep an eye out for odd charges on your statement.

Mandarin Oriental, Munich, licensed under Creative Commons.


Leave a Reply

Your email address will not be published. Required fields are marked *