September 13, 2016
Point Of Sale System Security Questioned As MHR Reports Breach
Shaun Treacy, the President of MHR (Millennium Hotels and Resorts) North America, has recently sent a communication to guests who stayed at some of the company’s locations between March and June of 2016. In his letter, he warns that an unnamed form of malware was discovered on some of the company’s Point of Sale systems, and that they should be on their guard and monitor their credit card statements for signs of suspicious activity.
By now, this is a fairly common occurrence. Over the last two years, a number of hospitality chains have faced similar breaches, and have had to issue similar warnings to guests who have stayed with them. While the event itself, and Mr. Treacy’s response to it are fairly ordinary and common features of today’s business landscape, there are a few details about this particular case that are unusual and noteworthy.
First, there’s the fact that the US Secret Service informed the company of the breach. That’s not normally their area, so how they came by the knowledge is currently unknown, and will likely remain so, given the nature of that organization. On the heels of the notification, Federal agents worked with the company to isolate the impacted terminals and remove them from the company’s network.
Secondly, and every bit as interesting, is the fact that as part of the company’s response to the reported breach, they hired a digital forensic analysis team to help track down the origins of the software. To this point, no trace of malware has been found on any of the impacted systems, so where did it go?
That remains unknown at this point. Nonetheless, if you received a letter from Mr. Treacy regarding your stay at one of their locations, the best thing you can do is monitor your credit card statements each month, and let your credit card provider know what is happening. If you want to be even more cautious, report your compromised card and have a new one issued.