Hyatt Hotels hit by credit card data-stealing malware - again

Hotel group says guests who stayed at 41 of its properties between March and July this year could have had their details stolen by hackers
Written by Danny Palmer, Senior Writer

The Grand Hyatt Kauai Resort and Spa in Hawaii is among those affected by the latest breach.

Image: Hyatt Hotels

Hackers have infected Hyatt Hotels' payment card systems with malware and have potentially stolen visitor names and credit card details for the second time in as many years.

In a statement Hyatt Hotels Corporation president of operations Chuck Floyd said the company has "discovered signs of and then resolved unauthorized access to payment card information" from cards entered manually or swiped at the front desk of some Hyatt hotels between March 18, 2017 and July 2, 2017.

In total, 41 hotels are affected, almost half of which are in China. Irregular activity has also been detected in Hyatt hotels in Brazil, Columbia, Guam, India, Indonsesia, Japan, Mexico, Puerto Rico, South Korea and Hawaii in United States.

Upon discovering the unauthorized access, Hyatt launched an investigation alongside "third-party experts", payment card networks and the authorities. The investigation found that the data breach can be traced back to "an insertion of malicious software code from a third party onto certain hotel IT systems."

The company hasn't provided figures on the number of guests who have fallen victim to the credit card data thieves, only that it's a "small" number of them, but Hyatt says it has contacted all the guests who used the payment card systems at the infected hotels during the at-risk dates.

A Hyatt spokesperson told ZDNet its cyber security team discovered signs of suspicious activity in July, with customers being notified yesterday (12th October) following the conclusion of the investigation.

Hotel guests are advised to closely review their credit card statements regularly and report any unauthorized activity to their bank as soon as anything is noticed.

"This incident is something we take seriously, and we are sorry for the inconvenience and concern this may cause our guests," said Floyd.

The company says it is has implemented additional security measures to strengthen the security of its systems and that "Customers can confidently use payment cards at Hyatt hotels worldwide".

It's the second time the hotel group has been hit with malware recently: last year, the hotel group revealed that almost half its properties had fallen victim to payment data stealing malware.

ZDNet contacted Hyatt Hotels for additional comment, but had not received a response as of the time of publication.


Editorial standards