Image

Image

“The malware was designed to collect payment card data – cardholder name, card number, expiration data and internal verification code – from cards used onsite as the data was being routed through affected payment processing systems,” explained Hyatt’s Global President of Operations Chuck Floyd in a letter to customers.Floyd added the company has found no indication that other customer information was compromised. The company published a list of all affected locations, with the majority being based in the United States, China and India. In the U.S. alone, nearly 100 hotels across 26 states were affected. Other impacted locations included Hyatt hotels in Argentina, Australia, Brazil, Canada, France, Germany, Italy, Mexico, Philippines, Russia, Singapore, Thailand, the U.K. and more. “For at-risk transactions where a cardholder’s name was affected, we are in the process of mailing letters to customers for whom we have a mailing address and sending emails to customers for whom we only have an email address,” Floyd said. Hyatt says it was quick to engage with leading cyber security experts to resolve the issue and strengthen the security of its systems to help prevent future incidents. Customers are urged to remain vigilant and review their payment card account statements closely, as well as reporting any unauthorized activity to their card issuers. The company is offering those affected one year of free fraud protection services via CSID. Hyatt joins a number of other hotels, including Starwood Hotels and Resorts, Hilton Hotels and the hotel chain owned by Donal Trump, that discovered malicious activity on their payment processing systems last year.