At Mandarin Oriental, the safety and security of our guests remains a priority. The following statement and FAQ’s are designed to provide regular updates on the current situation as new information becomes available.
Mandarin Oriental confirms that the credit card systems in a limited number of our hotels in the US and Europe have been accessed without authorization and in violation of both civil and criminal law. The Group has taken, and is continuing to take, all necessary steps to contain the situation. We have identified and removed malware and are coordinating with credit card agencies, law enforcement authorities and forensic specialists to fully protect our guests and our systems across our portfolio. We take the protection of customer information very seriously. Unfortunately incidents of this nature are increasingly becoming an industry-wide concern and we have therefore also alerted our technology peers in the hospitality industry.
What caused the breach?
The incident is a direct result of an unauthorized cyber-attack. Despite the Group’s leading data security systems, this malware was undetectable by all anti-viral systems. By working with forensic experts Mandarin Oriental moved swiftly to remove offending malware.
If I stay at one of your hotels, is my personal information safe?
Guests can be confident that security protocols are being thoroughly tested at all hotels to protect guest information and prevent a recurrence of such an attack. The Group has also put additional security measures in place and is working to ensure everything possible is being done to protect our guests’ personal information.
Which hotels have been affected?
Only a limited number of hotels in the US and Europe have been affected, and none in Asia. The forensic investigation is still underway and we are unable to confirm any specific hotel details at this time.
How do I know if my credit card has been compromised?
If you are concerned or suspect any unauthorized activity on your card, we recommend you contact your credit card provider directly.
What personal information was compromised?
From the information we have to date, the breach has only affected credit card data, but not pin numbers or the 3 to 4 digit security code required for manual authorization (commonly known as the CVV2 code), and no other personal guest data has been compromised.
Do you have further details to share?
The forensic investigation is still underway and will take time to complete. We appreciate your patience and will continue to provide updates as they become available.
For media enquiries please contact:
Brunswick Group Ltd, 12/F Dina House, Ruttonjee Centre, 11 Duddell Street, Central, Hong Kong SAR, China
Tel +852 3512-5000 Direct +852 3512-5079 Mobile +852 9721-1779