Hyatt Hotels Breached Again

According to a statement from the hotel, Hyatt "discovered signs of and then resolved unauthorized access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017." Affected information includes payment card information, such as, cardholder name, card number, expiration date and internal verification code. This is not the first time Hyatt has had to warn customers of a data breach. In late 2015 Hyatt said its payment processing system was infected with credit-card-stealing malware which affected 250 hotels in about 50 countries.

Affected customers have been notified directly if their contact information was available. But the hotel chain said that “the available information and data does not allow Hyatt to identify each specific payment card that may have been affected," which seems to indicate that Hyatt is unsure as to the extent of the breach.

According to a statement from Netsurion, “There is a common thread among hotel breaches. Hackers are targeting hotels because of the type of POS systems utilized. These are often integrated POS environments running applications that are not as secure as modern, hardened payment terminals designed to capture and encrypt payment data. Hotel systems send the data to the back office instead of directly to the payment processor, adding an additional step that creates weakness in the hotel POS system. In addition, there are large volumes of payment card transactions between restaurants, on-site shops, spas, parking, and the front-desk, ensuring there is plenty of customer data for a hacker to compromise."