Hyatt suffers second data breach in two years

The Hyatt Regency Maui Resort and Spa is among those affected by the latest breach.

Hyatt Hotels Corporation revealed last week it suffered a breach of its payment systems, exposing customer credit card data from 41 hotels in 11 countries worldwide. It took Hyatt nearly three months to inform customers about the breach, which was discovered in July. The breach impacts customers who used credit cards at affected hotels from March 18 to July 2.

Based on Hyatt’s investigation into the breach, it appears that malicious software code from a third party was inserted onto certain hotel information technology systems. A list of impacted hotels can be found here. In total, 41 hotels are affected, almost half of which are in China. Irregular activity has also been detected in Hyatt hotels in Brazil, Columbia, Guam, India, Indonesia, Japan, Mexico, Puerto Rico, South Korea, and Hawaii.

In a statement, Chuck Floyd, global president of operations for Hyatt Hotels said, “I want to assure you that there is no indication that information beyond that gained from payment cards—cardholder name, card number, expiration date and internal verification code—was involved, and as a result of implemented measures designed to prevent this from happening in the future, guests can feel confident using payment cards at Hyatt hotels worldwide.”

FREE DAILY NEWSLETTER

Like this story? Subscribe to Operations & Technology!

Hospitality professionals turn to Operations & Technology as their go-to source for breaking news on guestrooms, food & beverage, hospitality and technology trends, management and more. Sign up today to get news and updates delivered to your inbox daily and read on the go.

Back in 2016, Hyatt disclosed a breach of payment cards that affected 250 hotels in approximately 50 countries, making it one of the most wide-ranging incidents in a rash of hotel cyberattacks. Also that year Hilton, Mandarin Oriental, Trump Hotels and Starwood Hotels & Resorts Worldwide were affected by hacker attacks.

Hyatt isn’t the only major hotel company to have suffered a data breach in recent months. Most recently, a data breach at third-party hotel-reservations provider Sabre impacted multiple hotels, including those from Four Seasons Hotels and Resorts, Trump Hotels, Kimpton Hotels & Restaurants and RLH CorporationInterContinental Hotels Group also has announced two data breaches this year.

Suggested Articles

The oversubscribed $50 million USD Series C round was led by Canadian venture capital firm Inovia Capital.

The properties have offered to provide temporary housing for emergency and health-care workers as the COVID-19 public-health crisis grows.

Here’s what you need to know about a variety of financing options to consider in today’s environment as you move to finance your next project.