Hyatt Hotels revealed that 250 of its resorts have been involved in the data breach suffered last year. In December the Hyatt Hotels Corporation issued an official announcement to inform its users that unknown hackers used a malicious code to steal credit card information from customers, the company did not provide information on the number of affected resorts or customers that have been impacted.
From July 13 and December 8 of last year, the malware has stolen users’ data including customer credit card numbers, names, expiration dates and verification codes.
“We recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations. As soon as we discovered the activity, we launched an investigation and engaged leading third-party cyber security experts.” states a message published on the company web site.
“The investigation is ongoing, and updates will be posted here at www.hyatt.com/protectingourcustomers. We have taken steps to strengthen the security of our systems, and customers can feel confident using payment cards at Hyatt hotels worldwide.”
Hyatt informed that it has taken steps to improve the security of its systems.
The Hyatt Hotels Corporation has now confirmed that locations in 50 countries were impacted by malicious code that was used by attackers to harvest payment card information from PoS terminals at Hyatt restaurants, spas, golf shops, parking lots and check-in desks.
Users can check the impacted locations in this list, just need to select a country to view the affected resorts and date at risk.
Hyatt representatives confirmed that the malware has been completely eradicated from its payment systems and the company installed additional safeguards to prevent future intrusion.
“Protecting customer information is critically important to Hyatt, and we take the security of customer data very seriously,” said Hyatt global president of operations Chuck Floyd. “We have been working tirelessly to complete our investigation, and we now have more complete information that we want to share so that customers can take steps to protect themselves.”
The Luxury hotel chain is advising customers to monitor their bank statements and report any suspicious charges.
The Hyatt Hotels Corporation is offering a free identity protection service to customers who stayed at the compromised hotels from August to December 2015.
(Security Affairs – Hyatt Hotels Corporation, data breach)