Hyatt Hit With Another Credit Card BreachHyatt Hit With Another Credit Card Breach
Payment card information stolen when cards were either swiped or manually entered into registration systems at some Hyatt hotels.
October 14, 2017
Hyatt Hotels suffered a credit card breach at some of its locations, marking a second time that it has encountered such an issue in the past two years.
The most recent breach occurred between March 18 to July 2 and affected 41 Hyatt sites in 13 countries, according to a notice posted on Hyatt's website. Hyatt hotels in China took the brunt of the attack, affecting 18 hotel properties in that country, while three resorts in Hawaii were affected, as well as one in Guam and one in Puerto Rico.
"Based on our investigation, we understand that such unauthorized access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems," Hyatt stated on its site. "Our enhanced cybersecurity measures and additional layers of defense implemented over time helped to identify and resolve the issue. I want to assure you that there is no indication that information beyond that gained from payment cards – cardholder name, card number, expiration date and internal verification code – was involved."
The breach follows a similar breach in 2015, when 250 of Hyatt's hotels in 50 countries were affected, reports Krebs on Security.
Read more about the Hyatt breach here.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.
About the Author(s)
Tricks to Boost Your Threat Hunting GameNov 06, 2023
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment