Cyber Incident Victim: Mandarin Oriental Hotel Group
Date:
Dec 2014
Location:
United States of America
Summary
Mandarin Oriental Hotel Group confirmed a credit card breach affecting point-of-sale systems at select U.S. and European properties, following reports of fraudulent charges. Malware infiltrating payment terminals enabled unauthorized access to customer card data, prompting the hotel chain to remove the malicious software and collaborate with credit card agencies, law enforcement, and forensic experts. The incident potentially compromised most U.S. locations, including high-traffic cities, with indications that compromised terminals in on-site restaurants or businesses—rather than front-desk systems—may have been the source. The breach reportedly involved high-value cards due to the clientele's profile, though the full scope remained under investigation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In March 2015, Mandarin Oriental Hotel Group confirmed a credit card breach affecting multiple properties following inquiries from KrebsOnSecurity. Financial industry sources had reported fraudulent charges on cards recently used at Mandarin hotels, prompting the investigation. The company acknowledged unauthorized access to credit card systems at an unspecified number of its US and European hotels through malware-infected point-of-sale systems. Mandarin Oriental stated the intrusion violated civil and criminal laws and emphasized it had removed the malware. The hotel group coordinated with credit card agencies, law enforcement, and forensic specialists to address the breach and protect customer information. While the company did not disclose the exact number of affected locations among its approximately two dozen global properties, banking sources indicated most US hotels were likely compromised.
The breach timeline traced back to late December 2014, with impacted US locations including hotels in Boston, Florida, Las Vegas, Miami, New York, and Washington, D.C. Evidence suggested card data theft might have occurred through compromised payment terminals in hotel restaurants or ancillary businesses rather than front desk systems, mirroring a prior incident involving White Lodging Services Corp. properties. Mandarin Oriental characterized the breach as part of broader industry-wide security challenges while maintaining its commitment to customer data protection. The company’s statement confirmed ongoing efforts to investigate, resolve the issue, and implement safeguards across its entire portfolio of hotels. No specific details regarding the number of compromised cards or financial impact were disclosed in the initial confirmation.