Luxury hotel chain confirms hack attack
Hotel chain Mandarin Oriental has confirmed that credit card data has been stolen in a hack attack on the company's network.
The data went astray from card processing systems in the company's hotels in the US and Europe.
Mandarin Oriental has not said exactly how many hotels were hit nor how much data has gone missing.
It said it was carrying out an investigation and would provide more details when it had them.
In a statement, the Mandarin Oriental Group said point-of-sale systems at some of the 45 hotels it runs had been infected with malicious data-grabbing software.
"While the group has leading data security systems in place, this malware is undetectable by all anti-viral systems," it said.
The statement said the malware had been removed as soon as it had been detected.
The hotel chain is working with security companies to find out how the malicious code got on to its systems in the first place.
An alert about the malware had been passed on to other hotel chains, it said.
As far as it could tell, said the statement, only credit card numbers had been stolen. Other security codes used in conjunction with payment cards had not been taken nor had any personal details.
It advised people who had stayed at its hotels in US and Europe to keep an eye on credit and debit card statements to spot anomalies.
In a blogpost, security expert Brian Krebs said the breach seemed to date to just before Christmas 2014. He added that the breach was spotted by tracing a pattern of fraudulent payments back to systems used at Mandarin hotels.
"It should be interesting to see how much the stolen cards are worth, when and if and they go up for sale in the underground card markets," he said.
"I'm betting these cards would fetch a pretty penny," wrote Mr Krebs. "This hotel chain is frequented by high rollers who likely have high- or no-limit credit cards."