Mandarin Oriental Hotel Chain Hacked

Luxury hotel chain Mandarin Oriental was recently hit by credit card thieves. In a statement released to the press on 5 March, Mandarin confirmed a breach in the company’s credit card systems and reported that an “isolated number” of hotels in the U.S. and Europe were affected. Mandarin identified and removed malware on its systems believed to be responsible for the breach, and the company is working with law enforcement to protect guests’ information and secure the rest of Mandarin’s systems.

Companies like Mandarin Oriental are high-profile targets for credit card thieves due to having an upscale clientele. According to the Forbes Travel Guide, the average price for a basic room is $850 a night. Stolen credit card information from Mandarin’s guests “would fetch a pretty penny” on the black market, says security researcher Brian Krebs. However, Mandarin Oriental isn’t providing many details about the incident and is somewhat dismissively calling it “yet another major data breach”.

Credit Card Heist at Mandarin Oriental – Legacy POS to Blame?

Mandarin Oriental Hotel Chain HackedIt’s true that major data breaches are becoming increasingly common. Just recently, Uber revealed that 50,000 drivers had their information compromised. Last year, Home Depot suffered a breach similar to the one Mandarin is now going through. Legacy point-of-sale systems like the one Mandarin used are often vulnerable to these types of incidents. Many POS terminals are still running Windows XP, even though Microsoft officially ended support for the 14-year-old operating system. According to the hotel group, the malware responsible for the heist “is undetectable by all anti-viral systems”. Mandarin stated that they have “put additional security measures in place,” though the company isn’t offering specific details.

For now, Mandarin Oriental recommends that hotel guests monitor their credit card activity and report any suspicious transactions to their credit card company. But the question many are asking is, how many data breaches will it take for companies to take customer security seriously?

Featured image from Mandarin Oriental Hotel Group.

I've always been interested in the latest stuff in science and technology, and I'm currently a freshman undergraduate electrical engineering student at the University of Texas at Austin.