Hyatt Adds to the List of Hacked Hotels


What happened? 

On January 14, Hyatt Hotels Corporation disclosed the results of their data breach investigation into the compromise of their payment-processing systems.

The company said malware, which is used to steal customer payment card data, was present on their systems from August 12 to December 8. Hyatt believes there is an additional “at-risk window” beginning July 30 for a limited number of locations.

The attack was particularly pervasive, spanning 250 Hyatt proprieties in 50 countries.

Exposed data includes cardholder name, card number, expiration date and internal verification code. Criminals can use this information to make fraudulent online purchases or clone cards.

The investigation was prompted after experts tied a large-scale pattern of fraud to customers who used their credit or debit card at a Hyatt location. The majority of leaked data came from customers who shopped at on-site spas, golf shops, parking facilities and a limited number of hotel front desks.

The Hyatt data breach follows a string of hotel data breaches, including attacks on Starwood Hotels & Resorts (parent company of Sheraton and Westin) and Hilton Worldwide.

What should you do?

  1. Review impacted locations
    This attack spans the globe, with impacted locations stretching from the United States to Tajikistan. It’s vital that frequent Hyatt guests review the list of impacted locations. If you made a purchase at an on-site retailer during the window of exposure, please take the necessary precautions to safeguard your financial accounts.
  2. Check bank statements
    Regularly review bank statements for signs of fraud. Contact your financial institution immediately if you believe your information has been compromised. Remember, you will not be liable for fraudulent charges as long as those transactions are reported quickly.
  3. Enroll in identity protection services
    Hyatt is providing potentially impacted guests with one year of free identity protection services. Concerned customers should contact 855-568-2999 to take advantage of this offer.

Fighting Identity Crimes will keep you updated as new information becomes available about the Hyatt data breach. Be sure to subscribe to our blog to stay up-to-date with the latest identity theft and fraud news.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.