The Millennium Hotels & Resorts (MHR) has possibly been hit with POS malware. MHR North America received a warning from the U.S. Secret Service that its POS systems had been breached and payment card data had been stolen. The breach had possibly taken place between early March, 2016 and mid-June, 2016, at 14 of MHR’s hotels in the United States. Specifically, the food and beverage POS security had been breached and the systems had been compromised.
Shaun Treacy, President, North American for MHR, said: “We urge customers who visited our U.S. hotels between early March and the end of June this year to check their payment card records and to report dubious transactions to their card operators immediately. We also urge customers to take advice from their card operators on any further recommended security precautions. The Millennium Hotels & Resorts team, above all, values its customer relationships and is committed to protecting customers’ payment card information. Since being informed of this incident, we have taken a number of steps to ensure that this commitment is met in full.”
Generally, cardholders are not responsible for any unauthorized charges on their card that are reported within a specific time period. Hence, it is advisable that cardholders regularly monitor their payment card records and report doubtful transactions immediately to the concerned department.
MHR has engaged cyber forensic experts to study the breach and find out what happened. However, till now no information about the POS malware has been found. The investigation is continuing.
When MHR received the warning from the U.S. Secret Service it immediately took the suspected POS systems offline and initiated the investigation. Additionally, one of MHR’s third-party service providers – who supplies POS systems – reported that POS malware had been detected in some of the POS systems.
Details about the POS malware, how the POS security was breached, or how the malware infiltrated the POS systems are not yet known. MHR has meanwhile upgraded its data and web security measures to protect payment card data.
MHR also uses POS systems for hotel property management and booking systems. These systems have not been compromised.
Whatever the outcome of the investigation maybe, it shows that a robust POS security system must be put in place to prevent breaches by POS malware. Customers must studiously monitor their payment card details and look out for fraudulent transactions and report them to the concerned authorities immediately.
