CyberCrimeSecuritySecurity Management

Hyatt Hotels Suffers Another Card Breach

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Not again. Second data breach in two years as hotel chain admits hackers ‘checked out’ with payment card data

Hyatt Hotels has once again been the victim of a serious data breach, after it admitted that payment card details have been stolen from a number of its hotels.

It said that there had been “unauthorised access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations” between 18 March and 2 July 2017.

Guests staying at hotels in mostly the far east (China, Indonesia, Malaysia, Japan etc) have been affected, but hotels in South Korea, Saudi Ariaba, and the United States were also impacted.

asda security breach, data breach

Card Data

The admission that the hotel chain was hacked for the second time in two years came in a statement by Chuck Floyd, global president of operations.

“Upon discovery, we launched a comprehensive investigation to understand what happened and how this occurred, including engaging leading third-party experts, payment card networks and authorities,” he said.

The investigation apparently found that the hackers were able to gain unauthorised access to card data because of the “insertion of malicious software code from a third party onto certain hotel IT systems.”

Floyd said that Hyatt’s enhanced cybersecurity measures and additional layers of defense implemented over time had helped to identify and resolve the issue, but obiviously not before customer payment card data was impacted.

There is no word yet on how many people this affects, but the hotel chain estimates it only impacted “a small percentage of payment cards used by guests who visited the group of affected Hyatt hotels during the at-risk time period.”

“I want to assure you that there is no indication that information beyond that gained from payment cards – cardholder name, card number, expiration date and internal verification code – was involved, and as a result of implemented measures designed to prevent this from happening in the future, guests can feel confident using payment cards at Hyatt hotels worldwide,” said Floyd.

“It’s important to Hyatt that we notify guests and provide helpful information about steps they can take, and we have directly contacted all guests for whom we have appropriate contact information that checked in to an affected hotel during the at-risk dates,” Floyd added. “As always, the primary step customers can take is to review their payment card account statements closely and report any unauthorized charges to their card issuer immediately.”

“This incident is something we take seriously, and we are sorry for the inconvenience and concern this may cause our guests,” he concluded, before giving helpline numbers where concerned customers could contact.

Second Time

It should be noted that this is now the second time in two years that the Hyatt chain has been hacked.

In December 2015 Hyatt Hotels admitted that its payment systems were hit by credit-card-stealing malware.

It said that 250 of its hotels were affected, including some of its properties in the UK.

But Hyatt is not the only hotel chain to be hit by malware.

In 2015 Hilton revealed that some of its payment systems had been infected with malware that organised the theft of targeted customer information.

Prior to that, Starwood Hotels had also suffered a similar breach of its payment systems.

In October 2015 the Trump Hotel Collection confirmed a breach of its payment systems.

Mandarin Oriental has also experienced a similar breach, and hotel franchising firm White Lodging has also previously acknowledged a similar incident.

Do you know all about security in 2017? Try our quiz!