250 Hotels Impacted By 2015 Hyatt Data Breach

Hyatt says 250 of its hotels were affected by a major hack on the company’s payment systems last year, including some of its properties in the UK.

Locations in the US, Canada and Indonesia elsewhere were also impacted by malware that hijacked payment terminals to gain access to customer’s personal details, including names, card numbers and expiry dates.

Attacked

The attack took place over the course of several months late last year, giving hackers unauthorised access to details of cards used at “certain Hyatt-managed locations” – primarily restaurants, but also spas, parking lots and golf shops – between the dates of August 13, 2015 and December 8, 2015.

Some locations may also have been at risk from July 30, a Hyatt statement said, although there is no indication that any other customer information was affected.

However Hyatt only admitted the hack on Christmas Eve, saying that it discovered on November 30 that malware had infected its payment processing system.

The chain has now advised users to review their payment card account statements closely and report any unauthorised charges to their card issuer immediately. Hyatt also says it has now worked with ‘leading third-party cyber security experts’ to resolve the issue and strengthen the security of its systems in order to help prevent this from happening in the future.

Hyatt is now offering one year’s free protection from payment services specialists CSID to any customers who used their cards in one of the compromised hotels, giving them comprehensive coverage in case of any fraud occurring.

“Please be assured that we take the security of customer data very seriously. We deeply regret the inconvenience and any concern this may have caused you,” said Chuck Floyd, Hyatt Hotels’ global president of operations.

Are you a security pro? Try our quiz!