Two-hundred and fifty Hyatt hotels in 50 countries -- including hotels in Phoenix, San Francisco, Boston, Hawaii, New York, and Seattle -- were impacted by data breaches at its properties between Aug. 13 and Dec. 8, 2015, Hyatt Hotels Corp. announced yesterday after completing its investigation into the incident.
The data breaches, Hyatt concluded, were the work of malware designed to collect payment card data -- cardholder name, card number, expiration date, and internal verification code -- from cards used onside as the data was being routed through payment processing systems. Data was stolen mostly at hotel restaurants, although a small number of transactions at hotel spas, golf shops, parking garages, and front desks also were breached.
Hyatt said it worked quickly with third-party cyber security experts to resolve the issue and strengthen the security of its systems. It notified law enforcement and payment card networks, and has promised its customers that they "can confidently use payment cards at Hyatt hotels worldwide."
"Protecting customer information is critically important to Hyatt, and we take the security of customer data very seriously," said Chuck Floyd, global president of operations for Hyatt. "We have been working tirelessly to complete our investigation, and we now have more complete information that we want to share so that customers can take steps to protect themselves. Additionally, we want to assure customers that we took steps to strengthen the security of our systems in order to help prevent this from happening in the future."
Guests who stayed or otherwise patronized Hyatt hotels during the period in question are encouraged to review their payment card account statements closely and to report any unauthorized charges to their card issuer immediately. Customers with questions can visit www.hyatt.com/protectingourcustomers or call 1-877-218-3036 between the hours of 7 a.m. and 9 p.m. EST.
MeetingNews Minute is now 30 Seconds to Smart. Up your meetings-industry IQ now!