Connect with us

Hi, what are you looking for?



Millennium Hotels & Resorts Investigating Possible PoS Breach

Millennium Hotels & Resorts North America (MHR) informed customers on Thursday that it’s investigating a possible breach involving the point-of-sale (PoS) systems at over a dozen of its locations in the United States.

Millennium Hotels & Resorts North America (MHR) informed customers on Thursday that it’s investigating a possible breach involving the point-of-sale (PoS) systems at over a dozen of its locations in the United States.

The company has hired a third-party forensics company to investigate the incident, but no malware has been found to date on any MHR systems. The information received by the hotel chain suggested that the systems processing customer payment cards, particularly at food and beverage facilities, may have been compromised between early March and mid-June.

MHR was first notified by the U.S. Secret Service and later by a third-party service provider that supplies and services the affected PoS systems. The service provider in question said it had “detected and addressed malicious code in certain of its legacy point of sale systems, including those used by MHR.”

This sounds like the third-party vendor could be Oracle-owner MICROS, which advised customers earlier this month to change their passwords after it detected malicious code on some legacy systems. MICROS was reportedly breached by a cybercrime group that targeted at least five other PoS vendors.

SecurityWeek has reached out to MHR to learn if the incident it’s investigating is related to the MICROS breach. The company says the third party is a significant supplier of PoS systems in the hotel industry, but has refused to disclose its name. 

MHR said the security incident could affect PoS systems at 14 of its hotels in the United States. MHR North America operates 14 hotels in New York City, Los Angeles, Boston, Chicago and other cities in the Unites States, which means all its U.S. hotels could be affected.

There is no evidence that hotel property management and booking systems are impacted, MHR said. The company claims to have implemented additional security measures as recommended by its PoS service provider.

Advertisement. Scroll to continue reading.

Earlier this month, HEI Hotels & Resorts informed customers that 20 of the hotels it operates in the U.S. are affected by a security breach involving payment card information. HEI operates more than 50 hotels in the United States, including Starwood, Marriott, Hilton, IHG Intercontinental and Hyatt properties.

Several other hotel chains have been targeted recently by cybercriminals, including Kimpton, Hard Rock Hotel & Casino Las Vegas and Omni Hotels.

*Updated with information from MHR

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...