Millennium Hotels & Resorts North America Informed of Potential Data Security Incident; Investigation Underway, Security Strengthened

DENVER–(BUSINESS WIRE)–Millennium Hotels & Resorts North America (MHR) has become aware of a
data security incident involving food and beverage point of sale systems
at 14 of its hotels in the United States.

The company advises customers to review their payment card account
statements closely and to report unauthorized charges to their card
issuer immediately. Payment card rules generally provide that
cardholders are not responsible for unauthorized charges that are
reported in a timely manner.

The company has engaged third-party cyber forensic experts to
investigate the incident. To date, the investigation has not identified
the presence of “malware” on any MHR systems. Initial information
suggests that the incident affected point of sale systems that processed
customer card payments — primarily within food and beverage facilities
operating at the hotels — between early March, 2016 and mid-June, 2016.

MHR originally was notified of the incident by the U.S. Secret Service
and took immediate steps to investigate and isolate the card processing
elements of the affected point of sale systems, which were promptly
taken offline.

Subsequently, MHR was notified by a third-party service provider — that
supplies and services the affected point of sale systems — that it had
detected and addressed malicious code in certain of its legacy point of
sale systems, including those used by MHR. MHR immediately adopted
additional security measures as recommended by the third party service
provider.

The affected point of sale systems are separate from other MHR systems,
including MHR’s hotel property management and booking systems. The
results from MHR’s current investigation do not indicate compromise of
those other systems.

Shaun Treacy, President, North American for MHR, said: “We urge
customers who visited our U.S. hotels between early March and the end of
June this year to check their payment card records and to report dubious
transactions to their card operators immediately. We also urge customers
to take advice from their card operators on any further recommended
security precautions. The Millennium Hotels & Resorts team, above all,
values its customer relationships and is committed to protecting
customers’ payment card information. Since being informed of this
incident, we have taken a number of steps to ensure that this commitment
is met in full.”

Contacts

Millennium Hotels & Resorts North America
Media Contact:
Peter
Krijgsman, +44 (0) 20 7872 2444
peter.krijgsman@millenniumhotels.co.uk