Upscale hotel chain Mandarin Oriental Hotel Group confirmed today that the hotel has in fact been affected by a credit card breach.
Several financial institutions believe they have traced various patterns of fraudulent charges on cards of customers who have recently visited the Mandarin Oriental Hotel Group. The company did confirm are currently investigating the breach.
“We can confirm that Mandarin Oriental has been alerted to a potential credit card breach and is currently conducting a thorough investigation to identify and resolve the issue,” Mandarin Oriental Hotel Group said in an emailed statement to KrebsonSecurity when questioned on the breach. “Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected.”
While leaving scarce details, Mandarin hotels did not choose to include how many of the company’s some two-dozen or so locations worldwide may have been impacted, but sources within the financial industry claim the breach almost certainly spans most if not all Mandarin Oriental hotels in the United States. The breach reached locations including Boston, Florida, Las Vegas, Miami, New York and Washington D.C. Sources also speculate the breach likely dates back to just before Christmas 2014.
Details on how cards may have been compromised was also not disclosed. Security experts believe cards may have been stolen from payment terminals within restaurants and other businesses located within the walls of the hotels. Such was the case with a breach at another hotel provider last year, disclosing that their breach only impacted restaurants and gift shops in affected hotels.
Due to the upscale title of the hotel, client cards may be worth an extra dollar on underground markets. Just last year the hotel chain averaged the price of a basic room in the New York City Mandarin hotel to exceed $850 per night.
Clients with high or no credit limits may top the list on the underground, allowing hackers to commit amass of fraudulent charges as the bounds of the card are unlocked.