Hyatt Hotel on Wednesday warned customers to check their credit and debit card bills for suspicious transactions after it discovered malware on computers that operate its payment processing systems.
The hotel group, which runs about 600 properties around the world, said it dealt with the security breach as soon as it was spotted, and reassured customers that they can once again “feel confident using payment cards” at Hyatt-operated locations, including restaurants, cafes, bars, and stores inside its hotels. An investigation into the incident is ongoing.
There were few details about the breach in both the official press release and in a message to customers posted online. However, in cases involving malware on point-of-sale systems, criminals can often grab data such as cardholder names, payment card numbers, security codes, and expiration dates.
It’s not clear when the breach started, or even when it was noticed. We’ve reached out to Hyatt for more information and will update if we hear back.
Hyatt is the latest in a growing list of high-end hotel groups to be targeted by cybercriminals planting malware on payment processing systems. Just last month Hilton revealed it’d been hit by hackers in two attacks that lasted a total of 17 weeks.
The Trump hotel chain also recently confirmed a year-long data hack, while in March the Mandarin Oriental group said it’d discovered malware attacks at a number of its hotels around the world.
Data stolen in point-of-sale raids like this often ends up being traded on illicit hacking forums, with buyers of the stolen data using it to purchase goods online or withdraw money from bank accounts.
As ever, customers are advised to keep an eye on their payment card bills and to contact their bank or card provider immediately if they spot any unusual transactions.
[Update:] Stephanie Sheppard, Hyatt’s manager of corporate communications, contacted DT to say the malware was detected on November 30, but didn’t say why it took so long to inform customers. Sheppard said more details will be released once the investigation is complete, adding that updates on the case will be posted here.
