In response to the news that luxury hotel chain Mandarin Oriental has confirmed that its hotels have been affected by a credit card breach, Mark James, security specialist at ESET, writes:
“With hotels in 27 countries reported to consist of over 10,000 rooms, there’s a lot of information here that could generate lots of cash if full credit card data is included in the breach. The clientele at these establishments are worth a lot of money; therefore their credit cards will be a very big windfall for someone on the underground card market.
The very first thing that anyone should do if they suspect they are one of those affected by this breach is review their affected credit card accounts for any unauthorised activity. I would hope that the chain will offer some kind of free credit monitoring service and it is advised that you sign up immediately. If Mandarin Oriental are taking their time, then sign up to one anyway; it’s a small cost for what you get.
You also need to review all the information you used when you opened accounts or booked rooms using these hotels; if this information has been stolen as well, then that could be used to steal your identity and open future accounts in your name. Remember, you do not need to tell the truth when setting secret questions and answers; you only need to remember what your answers are in case you need to retrieve account information. Lastly, you may want to consider cancelling or changing your credit card to be 100% safe, but of course there’s a lot of potential stress in doing that.
Mandarin Oriental will need to limit the fallout of this breach as quickly and efficiently as they can. Information is key here and getting that out to the affected users as quickly and concisely as possible will help towards keeping their reputation and their customers. A lot of people these days accept the fact that their data online is not safe and will be subjected to theft at some point. It’s how companies affected by data breaches react and recover that sets them apart from the others. Free credit monitoring for all affected parties is a must, along with information on how, when and what they are doing to stop it from happening again.”