Hyatt Hotels suffer second credit card breach in as many years

Malware discovered lurking in 41 Hyatt hotels

Data breach

The Hyatt Hotel chain has suffered a second breach of credit card data in under two years, with around 41 hotels globally are said to be affected.

According to a statement issued by the company, it discovered signs of, and then resolved unauthorised access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between 18 March and 2 July this year. 

Advertisement - Article continues below

According to Chuck Floyd, global president of operations at Hyatt Hotels Corporation, when the hotel discovered the breach it launched a comprehensive investigation to understand what happened and how this occurred. This included engaging third-party experts, payment card networks and authorities. 

"Based on our investigation, we understand that such unauthorised access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems," he said.

Floyd added that its measures and additional layers of defence implemented over time helped to identify and resolve the issue. He said that there was no indication that information beyond that gained from payment cards cardholder name, card number, expiration date and internal verification code was involved.

"As a result of implemented measures designed to prevent this from happening in the future, guests can feel confident using payment cards at Hyatt hotels worldwide," he said.

Advertisement
Advertisement - Article continues below

Floyd said that it was estimated that the incident affected a small percentage of payment cards used by guests who visited the group of affected Hyatt hotels during the at-risk time period. He added the available information and data does not allow Hyatt to identify each specific payment card that may have been affected. 

Advertisement - Article continues below

"It's important to Hyatt that we notify guests and provide helpful information about steps they can take, and we have directly contacted all guests for whom we have appropriate contact information that checked in to an affected hotel during the at-risk dates. As always, the primary step customers can take is to review their payment card account statements closely and report any unauthorised charges to their card issuer immediately," said Floyd.

This is not the first time that Hyatt customers have been the victim of a credit card breach. In August last year, customers at 20 US hotels may have had their credit card details exposed to hackers after malware was discovered on the properties' point-of-sale (POS) systems.

The hotels are run by a hotel management business, HEI Hotels and Resorts, but operate under big-name brands like Marriott, Hyatt and InterContinental Hotels Group (IHG).

 A list of affected hotels and respective at-risk dates is available here.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/malware/355093/evasive-malware-threats-are-surging
malware

Evasive malware threats doubled in 2019

24 Mar 2020
Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

2 Mar 2020

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020