Hyatt doesn’t know how many customers were affected yet, but said that the malware was at work between July and December 2015 within payment-processing systems at its restaurants, spas, front desks, and other areas in its hotels.
Information that possibly was accessed by hackers includes cardholder names, card numbers, and expiration dates, Hyatt said. The malware was found at brands like Park Hyatt, Hyatt Regency, and Andaz, with about 100 U.S. hotels included in the list. The rest were abroad in cities like London, Paris, and Shanghai.
“Protecting customer information is critically important to Hyatt, and we take the security of customer data very seriously,” said Chuck Floyd, global president of operations for Hyatt. “We have been working tirelessly to complete our investigation, and we now have more complete information that we want to share so that customers can take steps to protect themselves. Additionally, we want to assure customers that we took steps to strengthen the security of our systems in order to help prevent this from happening in the future.”
The chain is encouraging customers to review their payment card account statements closely and to report any unauthorized charges to their card issuer immediately. Customers can visit www.hyatt.com/protectingourcustomers for more information, or call 1-877-218-3036 (U.S. and Canada) and +1-814-201-3665 (International) from 7 a.m. to 9 p.m. EST.
Hyatt has plenty of company in the malware-infected waters: in November, Hilton reported a credit card breach in many of its stores and restaurants, while Starwood reported that payment systems at 54 of its locations had been struck by malicious software.