The Mandarin Hotel Group has confirmed it is investigating a security breach that could have affected the credit cards of many top celebrities and other high-flying guests around the world.
The luxury hotel chain has two dozen hotels around the world in major cities such as London, Paris, New York, Barcelona, Hong Kong, Shanghai and Macau.
It offers everything from luxury shopping and award-winning spa treatments to a personal butler service and five-star dining, with room prices starting at $850 (£557) for a basic room at the Mandarin Oriental New York City.
Mandarin hotels cater to the "high-flyer crowd", which includes the likes of businessmen and women, politicians, socialites and international celebrities such as Dame Helen Mirren, Sigourney Weaver, Martin Freeman, Liam Neeson, Kevin Spacey, Lucy Liu, Sophie Marceau and fashion designer Christian Louboutin.
Many customers of the Mandarin Orient have credit cards with high or even no limits, meaning if these cards were stolen, they would be worth a fortune on the black market.
"The credit card numbers alone, sold online, could be worth double-digits apiece even before being used to tap consumer lines of credit," Kevin Epstein, VP of advanced security and governance at Proofpoint, told IBTimes UK.
"This theft could easily net the initial attackers many millions of dollars, with subsequent fraudulent use of the cards raising that by an order of magnitude or more.
"Criminals will likely make less than the Mandarin Oriental will lose in terms of lost sales, costs of consumer notification, breach cleanup and the like."
Data breach dates back to December 2014
It is not known how many of the hotels have been affected but, according to cybersecurity researcher Brian Krebs, banking industry sources believe the data breach dates back to December 2014 and has likely impacted "most if not all" of the seven Mandarin hotels in the US.
The hotel launched the investigation after receiving numerous complaints of fraudulent charges being made on its customers' credit cards.
Mandarin Hotel Group said: "We can confirm that Mandarin Oriental has been alerted to a potential credit card breach and is currently conducting a thorough investigation to identify and resolve the issue.
"Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected."
It is possible the credit card details that have been stolen were swiped on compromised payment terminals at restaurants and shops in Mandarin hotels, rather than from the hotel's front desk.
A similar case occurred in January when White Lodging, the owner of several hotel franchises including the Hilton, Marriott, Holiday Inn, Westin and Sheraton, discovered an extensive data breach that exposed credit and debit card information belonging to thousands of guests that stayed in some of its hotels in 2013.