Mandarin Oriental can confirm that the credit card systems in an isolated number of our hotels in the US and Europe have been accessed without authorization and in violation of both civil and criminal law. The Group has identified and removed the malware and is coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to fully protect our guests and our systems across our portfolio. We take the protection of customer information very seriously. Unfortunately incidents of this nature are increasingly becoming an industry-wide concern and we have therefore also alerted our technology peers in the hospitality industry.
What steps have been taken to resolve this issue?
Mandarin Oriental moved swiftly to address this issue by working with forensic experts and has removed the offending malware. While the Group has leading data security systems in place, this malware is undetectable by all anti-viral systems. Guests can be confident that security protocols are being thoroughly tested at all hotels to protect guest information and prevent a recurrence of such an attack.
While we have executed additional security protocols, we do not wish to disclose specific details of our security measures.
Which hotels have been affected?
We can confirm that only an isolated number of hotels in the US and Europe have been affected, and none in Asia. The forensic investigation is still underway and we are unable to confirm specific hotel details at this time.
How did the breach happen?
The incident is a direct result of an unauthorized cyber-attack. Unfortunately incidents of this nature are increasingly becoming an industry-wide concern and therefore we have also alerted our technology peers in the hospitality industry.
How do I know if my credit card has been compromised?
If you suspect any unauthorized activity on your card, we recommend you contact your credit card provider directly.
If I stay at one of your hotels, is my personal information safe?
The Group has put additional security measures in place at all hotels and is working to ensure everything possible is being done to protect our guests’ personal information.
We can confirm that only an isolated number of hotels in the US and Europe have been affected. Moreover, from the information we have to date, the breach has only affected credit card data and not any other personal guest data, and credit card security codes have not been compromised.
Should you suspect any unauthorized activity on your card, we recommend you contact your credit card provider directly.
Do you have further details to share?
We are currently unable to confirm specific details because the forensic investigation is still underway. We will continue to provide updates as they become available.