Hyatt suffers second data breach in two years

The Hyatt Regency Maui Resort and Spa is among those affected by the latest breach.

Hyatt Hotels Corporation revealed last week it suffered a breach of its payment systems, exposing customer credit card data from 41 hotels in 11 countries worldwide. It took Hyatt nearly three months to inform customers about the breach, which was discovered in July. The breach impacts customers who used credit cards at affected hotels from March 18 to July 2.

Based on Hyatt’s investigation into the breach, it appears that malicious software code from a third party was inserted onto certain hotel information technology systems. A list of impacted hotels can be found here. In total, 41 hotels are affected, almost half of which are in China. Irregular activity has also been detected in Hyatt hotels in Brazil, Columbia, Guam, India, Indonesia, Japan, Mexico, Puerto Rico, South Korea, and Hawaii.

In a statement, Chuck Floyd, global president of operations for Hyatt Hotels said, “I want to assure you that there is no indication that information beyond that gained from payment cards—cardholder name, card number, expiration date and internal verification code—was involved, and as a result of implemented measures designed to prevent this from happening in the future, guests can feel confident using payment cards at Hyatt hotels worldwide.”

Virtual Event

HOTEL OPTIMIZATION PART 2 | Now Available On-Demand

Survival in these times is highly dependent on a hotel's ability to quickly adapt and pivot their business to meet the current needs of travelers and the surrounding community. Join us for Optimization Part 2 – a FREE virtual event – as we bring together top players in the industry to discuss alternative uses when occupancy is down, ways to boost F&B revenue, how to help your staff adjust to new challenges and more, in a series of panels focused on how you can regain profitability during this crisis.

Back in 2016, Hyatt disclosed a breach of payment cards that affected 250 hotels in approximately 50 countries, making it one of the most wide-ranging incidents in a rash of hotel cyberattacks. Also that year Hilton, Mandarin Oriental, Trump Hotels and Starwood Hotels & Resorts Worldwide were affected by hacker attacks.

Hyatt isn’t the only major hotel company to have suffered a data breach in recent months. Most recently, a data breach at third-party hotel-reservations provider Sabre impacted multiple hotels, including those from Four Seasons Hotels and Resorts, Trump Hotels, Kimpton Hotels & Restaurants and RLH CorporationInterContinental Hotels Group also has announced two data breaches this year.

Suggested Articles

The November edition of PwC’s "U.S. Hospitality Directions" suggests the second half of 2021 may bring some recovery for the industry.

These key technologies can help hoteliers meet the needs of the pandemic holiday traveler.

Hotels in Chicago, Dallas and Florida's Palm Beach are underway and slated to open over the next two years.