Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Millennium Hotels & Resorts Investigating Possible PoS Breach

Millennium Hotels & Resorts North America (MHR) informed customers on Thursday that it’s investigating a possible breach involving the point-of-sale (PoS) systems at over a dozen of its locations in the United States.

Millennium Hotels & Resorts North America (MHR) informed customers on Thursday that it’s investigating a possible breach involving the point-of-sale (PoS) systems at over a dozen of its locations in the United States.

The company has hired a third-party forensics company to investigate the incident, but no malware has been found to date on any MHR systems. The information received by the hotel chain suggested that the systems processing customer payment cards, particularly at food and beverage facilities, may have been compromised between early March and mid-June.

MHR was first notified by the U.S. Secret Service and later by a third-party service provider that supplies and services the affected PoS systems. The service provider in question said it had “detected and addressed malicious code in certain of its legacy point of sale systems, including those used by MHR.”

This sounds like the third-party vendor could be Oracle-owner MICROS, which advised customers earlier this month to change their passwords after it detected malicious code on some legacy systems. MICROS was reportedly breached by a cybercrime group that targeted at least five other PoS vendors.

SecurityWeek has reached out to MHR to learn if the incident it’s investigating is related to the MICROS breach. The company says the third party is a significant supplier of PoS systems in the hotel industry, but has refused to disclose its name. 

MHR said the security incident could affect PoS systems at 14 of its hotels in the United States. MHR North America operates 14 hotels in New York City, Los Angeles, Boston, Chicago and other cities in the Unites States, which means all its U.S. hotels could be affected.

There is no evidence that hotel property management and booking systems are impacted, MHR said. The company claims to have implemented additional security measures as recommended by its PoS service provider.

Earlier this month, HEI Hotels & Resorts informed customers that 20 of the hotels it operates in the U.S. are affected by a security breach involving payment card information. HEI operates more than 50 hotels in the United States, including Starwood, Marriott, Hilton, IHG Intercontinental and Hyatt properties.

Advertisement. Scroll to continue reading.

Several other hotel chains have been targeted recently by cybercriminals, including Kimpton, Hard Rock Hotel & Casino Las Vegas and Omni Hotels.

*Updated with information from MHR

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.