Hyatt names 250 hotels in data breach

One of the greatest security threats facing hotels today comes from digital avenues. Hotels are a prime target for malware capable of stealing the personal information of guests due to the high volume of unique consumers swiping cards every day, and the possibility of a security breach is a prime concern going into 2016.

Case in point, as the year ended Hyatt Hotels Corp. was found to be under attack from hackers who placed malware on the computers running its payment processing systems at several of its managed hotels. While the company had not initially released information on the number of hotels affected by this individual attacks, The Wall Street Journal reported that Hyatt Hotels Corp. is now sayit it found malware in 250 of its hotels worldwide. The malware attack was conducted over a four-month period in 2015, and comprised approximately 40 percent of Hyatt's hotels in operation, making it one of the largest hotel data breaches on record.

The malware, which is designed to lift guest credit card information on file, was found in payment processing systems for hotel restaurants, front desks, spas and even parking facilities. Roughly 100 of the affected hotels were located in the U.S. A spokesperson told the Chicago Tribune that Hyatt is unaware of the official first date of the breach, but was able to trace activity back to a period between July and December of last year. The company provided a list of hotels affected by the breach to allow consumers to adapt to the possibility of their information being stolen.

Virtual Roundtable

Post COVID-19: The New Guest Experience

Join Hotel Management’s Elaine Simon for our latest roundtable—Post COVID-19: The New Guest Experience. The experts on the panel will share how to inspire guest confidence that hotels are safe and clean and how to win back guest business.

Hackers are indiscriminate in their attacks on large corporations, but the hospitality sector is particularly attractive to them due to the multitude of ways guests can make purchases while on property. Attacks can be brand-wide, such as in Hyatt's case, or geographically chosen such as when a number of San Diego hotels fell victim to credit card hackers in July of last year.

What's worse is just how liable hotels are in the event of a breach. In August, a U.S. appeals court decided that the Federal Trade Commission has the power to regulate corporate cyber security, and a lawsuit may be forthcoming between the FTC and Wyndham Worldwide for failing to adequately defend customer information.

Other brands that have been subjected to high-profile breaches last year include Trump Hotels in October and Hilton Worldwide Holdings, which found its hotel shops to be the target during a period between April and July.

Suggested Articles

Sign up for Hotel Optimization for clear insight, opinions and forecasting to help you quickly get back to profitability.

The products use mechanical-kill spikes that act as a barrier to provide protection against germs and viruses.

The Atlanta-based company will manage the under-construction 104-room Residence Inn by Marriott Waco/South.