Mandarin Oriental reveals details of credit card security breach

Mandarin Oriental has revealed that its London hotel was one of several which suffered a security breach involving the credit card details of a number of guests.

The Hyde Park five-star hotel in the capital was affected by the breach between 18 June 2014 and 5 March 2015.

Earlier this year the company confirmed "an isolated number" of its properties in Europe and the US were impacted by the security breach, but would not say which hotels.

The luxury hotel chain, which operates 27 hotels worldwide, launched a "forensic investigation" to determine the cause and is now able to reveal its findings.

In a statement, the group said: "After a thorough investigation, we now know more about the incident and are notifying affected guests.

"We have established a call centre that is prepared to address any questions our guests may have about the breach.

"We regret this incident occurred and are sorry for any inconvenience it may cause.

"We take the safety and security of our guests and their personal information very seriously, and the trust our guests place in us remains an absolute priority."

It added: "From our investigation, it appears that a hacker used malware to obtain access to certain credit card systems in a number of Mandarin Oriental hotels.

"We believe this hacker may have used the malware to acquire the names and credit card numbers of guests who used a credit card for dining, beverage, spa, guest rooms, or other products and service. We have not, however, found any evidence of acquisition or misuse of credit card pin numbers or security codes, or any other personal guest data."

The group said it removed the offending malware and began working with credit card agencies, law enforcement authorities and forensic specialists to put additional security measures in place to fully protect the personal information of guests. It also confirmed the hacker is no longer in the hotel's system.

Mandarin Oriental said the following hotels were affected by the security breach during the stated periods:

- Mandarin Oriental, Geneva between June 18, 2014 and March 3, 2015
- Mandarin Oriental, Hong Kong between June 18, 2014 and February 10, 2015
- Mandarin Oriental Hyde Park, London between June 18, 2014 and March 5, 2015
- Mandarin Oriental, Las Vegas between June 18, 2014 and October 16, 2014
- Mandarin Oriental, Miami between June 18, 2014 and March 3, 2015
- Mandarin Oriental, New York between June 18, 2014 and January 18, 2015
- Mandarin Oriental, San Francisco between June 18, 2014 and February 14, 2015
- Mandarin Oriental, Washington DC between June 18, 2014 and January 20, 2015
- The Landmark Mandarin Oriental, Hong Kong between June 18, 2014 and February 3, 2015

Any guests who believe unauthorised activity has taken place on their credit card are advised to contact their credit card provider directly.

Mandarin Oriental confirms breach in credit card security >>