250 Hyatt hotels targeted by payment card malware

PCI DSS v3.1 is (already) coming.
2nd March 2015
PCI DSS 3.2 is expected in March/April 2016
22nd February 2016
Show all

250 Hyatt hotels targeted by payment card malware

Image: Ludovic Berton - Flickr Creative Commons

One more time, a big hotel chain has been hit by a malware directly targeting customers payment card data. The Hyatt hotel chain disclosed details on the attack that was briefly disclosed before Christmas 2015, after a similar breach was disclosed by competing chain Hilton just weeks before, in November 2015.

An initial investigation highlighted signs of unauthorised access to payment card data from the 13th Aug 2015 to the 8th Dec 2015, essentially from restaurants. The chain issued an official statement where details on a customer protection scheme are announced and established for a year for all affected customers.

The malware seems to have been installed on several payment processing systems through which onsite card transactions were routed. It has been designed to capture card numbers, cardholder name, expiry date and the internal verification code.

list of all affected locations was provided by the chain, including 250 hotels spread across 50 different countries.

The letter includes the (now usual) following statement: “we take the security of customer data very seriously”.



Image: Ludovic Berton – Flickr Creative Commons

Leave a Reply