Credit card hackers are at it again, this time stealing information from Mandarin Oriental hotel guests.
Luxury hotel chain Mandarin Oriental has confirmed that a number of its hotels were subject to a major security breach, and hackers have made off with guests’ credit card information.
What happened? A number of fraudulent charges began appearing on credit card accounts, and cybersecurity blog Krebs on Security reported that banking industry sources said the hotel was the common factor for many. The cybersecurity news website revealed that point-of-sale terminals were infected with malware capable of stealing card details from restaurants and other businesses located within the hospitality establishments, not so much the front desk.
Who was affected? A majority of Mandarin Oriental’s 24 locations worldwide, ranging from Shanghai to Barcelona, may have been subject to the cyberattack, but the report claims most, if not all, of the chain’s U.S. establishments — including New York, Washington, D.C., Boston and Las Vegas — were likely impacted.
When did it occur? The company didn’t say which locations were affected exactly, or when cybercriminals made off with the data. However, sources told the blog that the attack may have started sometime around December 2014.
What they’re saying: “Mandarin Oriental can confirm that the credit card systems in an isolated number of our hotels in the US and Europe have been accessed without authorization and in violation of both civil and criminal law. The Group has identified and removed the malware and is coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to fully protect our guests and our systems across our portfolio.Unfortunately incidents of this nature are increasingly becoming an industry-wide concern,” the company told Krebs.
Given the chain’s upscale clientele, it wouldn’t be too surprising for the credit card numbers fetch a couple of big bucks if they end up on the black market. With the number of breaches on the rise and no apparent end in sight, how can you ensure that your network and its devices are protected?