The global hotel chain Hyatt Hotels informed their customers this week that their credit card details may have been stolen as a direct result of a recent security breach.
Chuck Floyd (Global President of Operations for Hyatt Hotels) revealed in a statement that the security breach took place between March 18, 2017 and July 2, 2017 and affected 41 individual locations that are managed by the Hyatt Hotels group in 11 countries.
Chuck wrote, “Upon discovery, we launched a comprehensive investigation to understand what happened and how this occurred, including engaging leading third-party experts, payment card networks and authorities. Based on our investigation, we understand that such unauthorized access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems. Our enhanced cybersecurity measures and additional layers of defense implemented over time helped to identify and resolve the issue.”
It is understood that the security breach gave the attackers access to cardholder names, card numbers, expiration dates and internal verification codes used by the hotel group. While Hyatt maintain that no information was obtained that allows customers to be identified (other than their cardholder information), Hyatt customers who have been affected by the recent security breach will most certainly face an increased risk of falling victim to credit card fraud.
This isn’t the first time that Hyatt Hotels have suffered a security breach that affected their customers’ cardholder data. In 2015, a security breach occurred when malware capable of stealing cardholder data was discovered on payment systems in use in Hyatt hotels and restaurants, affecting a staggering 250 hotels in around 50 countries.
References
https://www.hyatt.com/notice/protectingourcustomers/
https://krebsonsecurity.com/2016/01/hyatt-card-breach-hit-250-hotels-in-50-nations/