Hyatt Hotels revealed last week (Thurs., Oct. 12) that its payment systems were breached, exposing credit card data from 41 hotels in 11 countries. The incident took place between March 18 and July 2.
“We understand the importance of protecting customer information and securing our systems, and we regret to inform you that we discovered signs of and then resolved unauthorized access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations,” wrote Hyatt Hotels Global President of Operations Chuck Lloyd in a statement released on the Hyatt website.
“Upon discovery, we launched a comprehensive investigation to understand what happened and how this occurred, including engaging leading third-party experts, payment card networks and authorities. Based on our investigation, we understand that such unauthorized access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems. Our enhanced cybersecurity measures and additional layers of defense implemented over time helped to identify and resolve the issue.”
The three U.S. hotels affected were in located in Hawaii and include the Grand Hyatt Kauai Resort and Spa, the Hyatt Regency Maui Resort and Spa and Andaz Maui at Wailea Resort. The majority of the hotels impacted by the breach were located in China. A full list is available on Hyatt’s website (sort by using the dropdown menu).
