Hotel giant Hyatt is in the crosshairs again, having suffered its second data breach in two years (see this post). Hyatt’s security team recently confirmed the breach as having occurred between March 18 and July 2 of 2017.
While the company has yet to release any information detailing the number of impacted users, simply stating that it was a “small percentage of guests,” we do know that the following information was stolen:
• Credit card numbers
• Cardholder names
• Expiration dates
• And internal verification codes
Of note, no other personal information was obtained, so your name, address, birthdate, etc. remain safe.
It’s also known that the breach impacted 41 of Hyatt’s facilities, spread over 11 countries, including the United States, Brazil, China, Colombia, Guam, India, Indonesia, Japan, Malaysia, Mexico, Puerto Rico, Saudi Arabia and South Korea.
Per Chuck Floyd, Hyatt’s President of Operations:
“Based on our investigation, we understand that such unauthorized access to card data was caused by the insertion of malicious software code from a third party onto certain hotel IT systems. Our enhanced cybersecurity measures and additional layers of defense implemented over time helped to identify and resolve the issue. We worked quickly with leading third-party cybersecurity experts to resolve the issue and strengthen the security of our systems in order to help prevent this from happening in the future. As a result of implemented measures designed to prevent this from happening in the future, guests can feel confident using payment cards at Hyatt hotels worldwide.”
Interestingly, this statement is eerily similar to the one he was forced to issue last year after the first of the two data breaches.
While it’s understandable to try and put things in the best possible light after an attack like this, the words begin to ring hollow if the attacks keep happening, and it may be more difficult for Hyatt to regain consumer trust after this second incident.