Hyatt said Thursday that it found malicious software in about 250 of its hotels that may have exposed customers’ credit- and debit-card numbers and other information to hackers. It’s the first time the hotel operator has listed the hotels affected
Hyatt said Thursday that it found malicious software in about 250 of its hotels that may have exposed customers’ credit- and debit-card numbers and other information to hackers.
It’s the first time the hotel operator has listed the hotels affected since it announced it found malware at its hotels in December.
The hotel chain does not know at this time how many customers were affected, a Hyatt spokeswoman said.
The Grand Hyatt Kauai Resort & Spa in Poipu was one of the affected sites.
Stephanie Sheppard, Hyatt manager of corporate communications in Chicago, told The Garden Island, “Protecting customer information is critically important to Hyatt, and we take the security of customer data very seriously.”
“Hyatt worked quickly with leading third-party cyber security experts to resolve the issue and strengthen the security of its systems,” she wrote.
The Hyatt’s investigation identified signs of unauthorized access to payment card data from cards used onsite at certain Hyatt-managed locations, primarily at restaurants, between Aug. 13, 2015 and Dec. 8, 2015. A small percentage of the at-risk cards were used at spas, golf shops, parking, and a limited number of front desks, or provided to a sales office during this time period.
The at-risk window for a limited number of locations began on or shortly after July 30, 2015.
The malware was designed to collect payment card data — cardholder name, card number, expiration date and internal verification code — from cards used onsite as the data was being routed through affected payment processing systems.
“We encourage customers to review their payment card account statements closely and report unauthorized activity immediately,” Sheppard wrote.
Hyatt said the malware was found at many of its brands, including the Park Hyatt, Hyatt Regency and Andaz. About 100 of the hotels affected were in the U.S. The rest were abroad in cities including London, Paris and Shanghai.
The Chicago-based company has about 630 properties.
Several other hotel chains reported being hacked last year, including Starwood, Trump Hotel Collection and Mandarin Oriental.
