Global hotel chain Mandarin Oriental has confirmed that its hotels have been affected by a credit card breach.
In a statement to security blogger Brian Krebs, it confirmed that is was “currently conducting a thorough investigation to identify and resolve the issue”.
It said: “Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected.”
Detected after financial industry sources spotted a pattern of fraudulent charges on customer cards that had all recently been used at Mandarin hotels, Mandarin did not say how many of the company’s locations worldwide may be impacted, but banking industry sources say the breach almost certainly impacted most if not all Mandarin hotels in the United States, including locations in Boston, Florida, Las Vegas, Miami, New York, and Washington, D.C. Sources also say the compromise likely dates back to just before Christmas 2014.
Mark James, security specialist at ESET, said: “With hotels in 27 countries reported to consist of over 10,000 rooms, there’s a lot of information here that could generate lots of cash if full credit card data is included in the breach. The clientele at these establishments are worth a lot of money, therefore their credit cards will be a very big windfall for someone on the underground card market.
“Mandarin Oriental will need to limit the fallout of this breach as quickly and efficiently as they can. Information is key here and getting that out to the affected users as quickly and concisely as possible will help towards keeping their reputation and their customers.
“A lot of people these days accept the fact that their data online is not safe and will be subjected to theft at some point. It’s how companies affected by data breaches react and recover that sets them apart from the others.”