Mandarin Oriental has confirmed that the credit card systems in a number of its hotels in the US and Europe have been accessed without authorization and in violation of both civil and criminal law.
The company has issued the following statement: “The Group has identified and removed the malware and is coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to fully protect our guests and our systems across our portfolio. We take the protection of customer information very seriously. Unfortunately incidents of this nature are increasingly becoming an industry-wide concern and we have therefore also alerted our technology peers in the hospitality industry.”
“While the Group has leading data security systems in place, this malware is undetectable by all anti-viral systems. Guests can be confident that security protocols are being thoroughly tested at all hotels to protect guest information and prevent a recurrence of such an attack.”
“While we have executed additional security protocols, we do not wish to disclose specific details of our security measures.”
An isolated number of hotels in the US and Europe have been affected, and none in Asia. The forensic investigation is still underway and the company is unable to confirm specific hotel details at this time.
The Group has put additional security measures in place at all hotels and is working to ensure everything possible is being done to protect our guests’ personal information. From the information available to date, the breach has only affected credit card data and not any other personal guest data and credit card security codes have not been compromised.