Some of Mandarin Oriental's point-of-sale systems at some of its luxury hotels in the US and Europe were infected with malware capable of stealing customer card data, the company said today.
In a jarring claim, the company said the malware is undetectable by all anti-viral systems that it uses.
The company did not explain what prompted it to search for the malware.
Brian Krebs, data privacy blogger at Krebs on Security wrote that the company became aware of a problem when there was a series of fraudulent purchases brought to its attention.
The company didn't say exactly which hotels were affected. But Krebs said sources told him that it was mainly hotels in the US around December 2014.
In a statement, the hotel group confirmed the attack:
“We can confirm that Mandarin Oriental has been alerted to a potential credit card breach and is currently conducting a thorough investigation to identify and resolve the issue....
The breach has only affected credit card data and not any other personal guest data, and credit card security codes have not been compromised....
The Group has identified and removed the malware and is coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to fully protect our guests and our systems across our portfolio.”
Krebs speculates that the malware was inserted in payment terminals at restaurants and other businesses located inside of these hotels, rather than at the front desk.
MORE: Credit Card Breach at Mandarin Oriental
EARLIER: Hack attack on some United and American accounts, 20 other travel sites
Ongoing: Hilton’s loyalty program hackers continue selling account access
NB: Image of security hack via Shutterstock.com.