Global, luxury hotel chain, Mandarin Oriental, confirmed yesterday that the company's credit card processing system had been successfully hacked. According to online news sources, the breach apparently occurred in late 2014 and was discovered when a pattern was identified in a series of fraudulent payments within the hotel's payment systems.
In a statement to the press, the hotel group said that the malicious, data stealing software had infected point of sale systems at some of their 45 locations world-wide, though the exact number of affected hotels remains undisclosed. Though the source of the malicious code is still unknown, only credit card numbers have been confirmed as compromised and other data, such as security codes and customers' personal data have not been reported leaked.
"It should be interesting to see how much the stolen cards are worth, when and if and they go up for sale in the underground card markets," cyber-security expert, Brian Krebs, writes on his blog. Reflecting on the “high rollers” that the luxury hotel brand attracts, Krebs guesses the cards would “fetch a pretty penny.”
Mandarin Oriental has advised its customers who stayed at its hotels in Europe and the US to watch their credit card statements for suspicious activity and has also passed the alert to other hotel chains that might be vulnerable to the malware, which has since been removed from the Mandarin Oriental's systems.