Hyatt made an announcement yesterday that malware had been detected on its on property payment processing systems and credit card info had been exposed.
Hyatt doesn’t disclose whether this malware has been detected only in select properties in the United States or if this issue is more widespread.
You can access Hyatt’s announcement of this breach here.
Here’s the information:
Protecting customer information is of critical importance to Hyatt, and we take the security of your payment card data very seriously. We recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations. As soon as we discovered the activity, we launched an investigation and engaged leading third-party cyber security experts.
The investigation is ongoing, and updates will be posted here at www.hyatt.com/protectingourcustomers. We have taken steps to strengthen the security of our systems, and customers can feel confident using payment cards at Hyatt hotels worldwide.
As always, we encourage customers to review their payment card account statements closely and to report any unauthorized charges to their card issuer immediately. Payment card rules generally provide that cardholders are not responsible for unauthorized charges that are timely reported.
Customers may call 1-877-218-3036 (U.S. and Canada) or +1-814-201-3665 (International) from 7 a.m. to 9 p.m. EST if they have questions.
Sincerely,
Chuck Floyd
Global President of Operations
Hyatt Hotels Corporation
Conclusion
There have been breaches with Marriott, Hilton and SPG this year. The malware has usually been detected on payment systems that handle on property payments from bars, restaurants or gift shops. At least with other hotels, the malware has not infected the payment systems handling the folio payments.
It would have been better had Hyatt actually named the properties where this malware has been detected and emailed members that stayed at them. Merely posting a note on its website is not enough.
Credit card companies should make these business to pay for the replacement of cards and potential fraudulent charges incurred due to their lax handling of credit card information. I doubt that anything will happen before they get hit with million dollar fines.
