Hyatt Hotels suffered a malware data breach at about 40% of Hyatt brand hotels worldwide from August to December 2015. Malware primarily affected Hyatt restaurant transactions.
The malware was designed to collect payment card data – cardholder name, card number, expiration date and internal verification code – from cards used onsite as the data was being routed through affected payment processing systems. There is no indication that other customer information was affected.
Chuck Floyd, Global President of Operations
Hyatt Hotels Corporation
Hyatt Hotels will pay for One Year of CSID Protection
Hyatt is contacting members with at-risk transactions. Customers will be provided with one year of free CSID Protector services for your credit card account protection. You are eligible to receive these services if your payment card was used onsite at one of the affected Hyatt locations during the respective at risk dates. Click here for a list of affected Hyatt locations and respective at risk dates.
Hyatt encourages you to complete enrollment as quickly as possible. The enrollment period for CSID Protector coverage will close on April 12, 2016.
Here is the full message from Hyatt Hotels:
MESSAGE FROM GLOBAL PRESIDENT OF OPERATIONS
Hyatt completes payment card incident investigation
Dear Hyatt Guest,
Protecting customer information is critically important to Hyatt. We have been working tirelessly to complete our previously announced investigation regarding malware that targeted payment card data used at Hyatt-managed locations. We now have more complete information we want to share so that you can take steps to protect yourself.
The investigation identified signs of unauthorized access to payment card data from cards used onsite at certain Hyatt-managed locations, primarily at restaurants, between August 13, 2015 and December 8, 2015. A small percentage of the at-risk cards were used at spas, golf shops, parking, and a limited number of front desks, or provided to a sales office during this time period. The at-risk window for a limited number of locations began on or shortly after July 30, 2015.
The malware was designed to collect payment card data – cardholder name, card number, expiration date and internal verification code – from cards used onsite as the data was being routed through affected payment processing systems. There is no indication that other customer information was affected.
The list of affected Hyatt locations and respective at-risk dates is available here. Additionally, for at-risk transactions where a cardholder’s name was affected, we are in the process of mailing letters to customers for whom we have a mailing address and sending emails to customers for whom we only have an email address.
We worked quickly with leading third-party cyber security experts to resolve the issue and strengthen the security of our systems in order to help prevent this from happening in the future. We also notified law enforcement and the payment card networks. Please be assured that you can confidently use payment cards at Hyatt hotels worldwide.
Most importantly, we encourage you to remain vigilant and to review your payment card account statements closely. You should report any unauthorized charges to your card issuer immediately. Speak to your card issuer for details because, while card issuers’ policies related to fraud may vary, payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner.
Additionally, Hyatt has arranged for CSID to provide one year of CSID’s Protector services to affected customers at no cost to them. CSID is one of the leading providers of fraud detection solutions and technologies. In order to activate CSID’s Protector coverage, affected customers in the U.S. may visit www.csid.com/hyatt-us and affected customers outside the U.S. may visit www.csid.com/hyatt-intl to complete a secure sign up and enrollment process. You should also review the additional information in the Reference Guide on ways to protect yourself.
If you have questions or would like more information, please call 1-877-218-3036 (U.S. and Canada) or +1-814-201-3665(International) from 7 a.m. to 9 p.m. EST.
Please be assured that we take the security of customer data very seriously. We deeply regret the inconvenience and any concern this may have caused you.
Sincerely,
Chuck Floyd
Global President of Operations
Hyatt Hotels Corporation
In 2015 I had two credit cards with fraudulent activity, unrelated to Hyatt Hotels or my Hyatt Visa card. Early in 2015 someone purchased a $2,500 bicycle in New Jersey that prompted a credit card fraud alert and last month someone purchased $10,000+ in airline tickets with Turkish Airlines and Air France on my card. These were handled quickly over the phone and I received new credit cards.
Study your monthly credit card statements. Some hacker may be traveling on your dime?
From Hyatt Data Breach FAQ
Which locations were affected?
The list of affected Hyatt locations and respective at-risk dates is available at www.hyatt.com/protectingourcustomers.
Is it safe to use a payment card at Hyatt hotels and resorts?
Customers can confidently use payment cards at Hyatt hotels worldwide. We worked quickly with leading third-party cyber security experts to resolve the issue and strengthen the security of our systems in order to help prevent this from happening in the future.
What actions have you taken to ensure this does not happen again?
We have been working with leading third-party cyber security experts to ensure that this issue has been fully addressed and implement additional security measures to strengthen the security of our systems.
3 Comments
Comments are closed.