Millennium Hotels & Resorts North America (MHR) is warning customers that malware may have affected its food and beverage point-of-sale (POS) systems.
The breaches occurred at 14 locations, reportedly.
MHR first learned about a possible malware infection, which is believed to have occurred in early March 2016, from the US Secret Service, according to reports on US tech sites.
The company has hired a third-party forensics company to investigate the incident, but no malware has yet turned up on any MHR systems.
US federal agents worked with MHR to take the affected POS terminals offline in June 2016.
Shaun Treacy, MHR’s North American president, began warning customers to watch out for signs of payment card fraud. As quoted in a statement:
“We urge customers who visited our US hotels between early March and the end of June this year to check their payment card records and to report dubious transactions to their card operators immediately.
“We also urge customers to take advice from their card operators on any further recommended security precautions. The Millennium Hotels & Resorts team, above all, values its customer relationships and is committed to protecting customers’ payment card information. Since being informed of this incident, we have taken a number of steps to ensure that this commitment is met in full.”
Bleepingcomputer.com points out that the incident is a bit different from other hotel POS breaches. MHR has made no mention of having received reports of dubious transactions or payment card fraud from its customers.
The question remains: where is the malware?
Written by William Sykes