Mandarin Oriental luxury hotel chain suffers credit card data breach

The Mandarin Hotel Group has confirmed that it is investigating a security breach at its hotels after receiving numerous complaints of fraudulent charges being made on its customers' credit cards.

The luxury hotel chain has two dozen hotels around the world in major cities such as London, Paris, New York, Barcelona, Hong Kong, Shanghai and Macau, but it is not known yet how many of the hotels have been affected.

However, according to cybersecurity researcher Brian Krebs, banking industry sources believe the data breach dates back to December 2014 and has likely impacted "most if not all" of the seven Mandarin hotels in the US.

"We can confirm that Mandarin Oriental has been alerted to a potential credit card breach and is currently conducting a thorough investigation to identify and resolve the issue," the company said in a statement.

"Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected."

As Mandarin hotels tend to tailor to the "high flyer" crowd with room prices starting at $850 (£557) for a basic room at the Mandarin Oriental New York City, the credit cards that have been stolen might well have high or even no limits, meaning that they would be worth a lot of money on the black market.

Krebs says it is possible the credit card details that have been stolen were swiped on compromised payment terminals at restaurants and shops in Mandarin hotels, rather than from the hotel's front desk.

A similar case happened in in January 2014 when White Lodging, the owner of several hotel franchises including the Hilton, Marriott, Holiday Inn, Westin and Sheraton discovered an extensive data breach that exposed credit and debit card information belonging to thousands of guests that stayed in some of its hotels in 2013.