Mandarin Oriental Hotels Become Latest Victim Of Credit Card Breach

Media Division | March 6, 2015

The Mandarin Oriental Hotel Group is now in the list of organizations falling victim to cyber criminals. The group confirmed that some of its hotel chains in Europe and the US had their credit card systems breached. The hotel luxury group has two dozen chains around the globe in major cities including Shanghai, Macau, New York, Paris, Barcelona, and London, but it isn’t aware of how many of its chains have been breached, yet.

The hotel offers a wide range of amenities including spa treatments, five-star dining, personal butler service and luxury shopping, with room prices beginning at £557 ($850) for a basic room at the New York City chain.

The hotel accommodates the luxury crowed, including politicians, businesswomen and men, and international celebrities like Martin Freeman, Dame Helen Mirren, Sigourney Weaver, Lucy Liu, Kevin Spacey, Christian Louboutin and Sophie Marceau. This means that most customers of the affected hotel chain have credit cards with a big or no limit at all; if one of such cards were stolen, they can be sold on the black market for a fortune.

The hotel group stated the following in a statement:

“Unfortunately incidents of this nature are increasingly becoming an industry-wide concern and we have therefore also alerted our technology peers in the hospitality industry.”

The cybersecurity news website, KrebsOnSecurity, first reported the incident on Wednesday.

The hotel chain revealed that it collaborated with forensic experts to get rid of the malware, which affected credit card systems at different hotels. None of the anti-virus systems were able to detect the malware. The hotel chain said that security protocols are being tested at all hotels to prevent a recurrence of the incident and to protect guest information. However, only scant details of the attack were released:

“We are currently unable to confirm specific details because the forensic investigation is still underway,” stated the hotel group. “We will continue to provide updates as they become available.”

The breach comes after a similar attack that occurred 12 months ago over hotel operator White Lodging, in which gift shops and restaurants within the Marriots, Sheratons, Hiltons, and Westins operated by the hotel chain were breached, exposing credit and debit card information of thousands of hotel guests in the process.

The latest breach, however, might turn out to be quite lucrative for cyber criminals. It is also being speculated that the breached credit card details were swiped on compromised POS terminals at shops and restaurants in Mandarin hotels, rather than from the front desk of the hotel.

“I’m betting these cards would fetch a pretty penny. This hotel chain is frequented by high rollers who likely have [high]- or no-limit credit cards,” wrote Krebs.

Massive provides credit card detection services to help hotel chains and other sectors to detect credit card fraud. The threat intelligence feeds provide in-depth information and several variables collected via raw data interception to enable security teams to take appropriate action.

By taking data from the black markets and dark web, the data streams display threat notification while allowing for in-depth analysis. You can read more about compromised bank and card detection here.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.