Hyatt Hotels Corporation is advising guests who stayed at any of their 22 Chinese hotels between August and December 2015 to check their credit card records after admitting a security breach of the company’s computer systems may have granted unauthorized access to customer payment data.
“Hyatt encourages customers to review their payment card account statements closely and to report any unauthorized charges to their card issuer immediately,” said Lillian Zhang, director of corporate communications at Hyatt Group China. Despite the announcement, Hyatt customers were reassured that everything was business as usual at the hotel franchise: “We have taken steps to strengthen the security of our systems, and customers can feel confident using payment cards at Hyatt hotels worldwide,” said Hyatt global president of operations Chuck Floyd in a statement.
Credit cards suspected of being compromised were used at Hyatt-managed locations, particularly restaurants, between August 13 and December 8. Another small percentage of questionable transactions occurred at Hyatt spas, golf shops, parking services, and at a limited number of front desks on or shortly after July 30.
Hyatt said the malware was first detected on the company’s computer systems on November 30, but the issue was not publicized until December 23. The malware was designed to collect payment card data, such as cardholder names, card numbers, expiration dates, and internal verification codes from cards used at Hyatt locations. At the time, the hotel wasn’t sure how much customer data had been stolen, how long the malware had been present on the system, or how many of the company’s 627 properties in 52 countries may have been affected.
Last year, a number of hotel chains fell victim to credit card security breaches including the Trump Hotel Collection, Hilton Worldwide, Starwood Hotels & Resorts, and the Mandarin Oriental Hotel Group. “Hotel chains are prime targets for hackers since they store and process a treasure trove of sensitive customer data,” said IDT911 chairman and founder, Adam Levin. “Consumers should immediately check their accounts for any suspicious activity and sign up with their bank, credit union, or credit card company for transactional monitoring so that they are notified any time there is activity in their credit or bank accounts.”