Luxury hotel chain Mandarin Oriental said today that a number of its hotels were subject to a major security breach, and hackers have made off with guests’ credit card information. The company didn't say which locations were affected, or when cybercriminals made off with the data.

A number of fraudulent charges began appearing on credit card accounts, and cybersecurity blog Krebs On Security reported that banking industry sources said the Mandarin Oriental was the common factor for many. Mandarin Oriental Hotel Group confirmed its findings on Wednesday, the blog said. 

“We can confirm that Mandarin Oriental has been alerted to a potential credit card breach and is currently conducting a thorough investigation to identify and resolve the issue,” the company told the blog. “Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected.”

Nearly all of Mandarin Oriental’s 24 locations worldwide may have been subject to the cyberattack, but the report claims all of the chain’s U.S. locations -- including New York, Washington, D.C., Boston and Las Vegas -- were affected. Sources told the blog that the hack may have started sometime in December 2014.

Stolen credit card numbers often end up on black markets around the world, and the ones stolen from Mandarin Oriental could fetch big bucks due to the chain’s upscale clientele. The average price of a room at the New York City location is $850, according to the Forbes Travel Guide.