Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Millennium Hotels & Resorts Investigating Possible PoS Breach

Millennium Hotels & Resorts North America (MHR) informed customers on Thursday that it’s investigating a possible breach involving the point-of-sale (PoS) systems at over a dozen of its locations in the United States.

Millennium Hotels & Resorts North America (MHR) informed customers on Thursday that it’s investigating a possible breach involving the point-of-sale (PoS) systems at over a dozen of its locations in the United States.

The company has hired a third-party forensics company to investigate the incident, but no malware has been found to date on any MHR systems. The information received by the hotel chain suggested that the systems processing customer payment cards, particularly at food and beverage facilities, may have been compromised between early March and mid-June.

MHR was first notified by the U.S. Secret Service and later by a third-party service provider that supplies and services the affected PoS systems. The service provider in question said it had “detected and addressed malicious code in certain of its legacy point of sale systems, including those used by MHR.”

This sounds like the third-party vendor could be Oracle-owner MICROS, which advised customers earlier this month to change their passwords after it detected malicious code on some legacy systems. MICROS was reportedly breached by a cybercrime group that targeted at least five other PoS vendors.

SecurityWeek has reached out to MHR to learn if the incident it’s investigating is related to the MICROS breach. The company says the third party is a significant supplier of PoS systems in the hotel industry, but has refused to disclose its name. 

MHR said the security incident could affect PoS systems at 14 of its hotels in the United States. MHR North America operates 14 hotels in New York City, Los Angeles, Boston, Chicago and other cities in the Unites States, which means all its U.S. hotels could be affected.

There is no evidence that hotel property management and booking systems are impacted, MHR said. The company claims to have implemented additional security measures as recommended by its PoS service provider.

Earlier this month, HEI Hotels & Resorts informed customers that 20 of the hotels it operates in the U.S. are affected by a security breach involving payment card information. HEI operates more than 50 hotels in the United States, including Starwood, Marriott, Hilton, IHG Intercontinental and Hyatt properties.

Advertisement. Scroll to continue reading.

Several other hotel chains have been targeted recently by cybercriminals, including Kimpton, Hard Rock Hotel & Casino Las Vegas and Omni Hotels.

*Updated with information from MHR

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.