Hackers succeeded in breeching payment card information used at 250 Hyatt Hotels locations in around 50 countries following the deliberate implementation of a virus into the company’s payment processing systems.
Hyatt broke the news on data breach back in December and then launched a full-scale investigation. On Thursday, Hyatt broadcasted the full list of ravaged locations, providing the exact place and time the payment cards were compromised with the malware.
A large percentage of the targeted stolen cards were used at restaurants, spas, golf shops, parking systems, front desks and sales offices.
“The malware installed on the company’s computers was designed to capture payment card details like cardholder names, card numbers, expiration dates and verification codes when passed from the affected locations to the payment processing systems.” Information Security Specialist Lucian Constantin reports.
Hyatt has taken course to send letters of apology to exposed customers. The victims will be presented with a one-year subscription to identity and fraud protection services provided by US-based CSID for free.
“Hyatt has worked with third-party cyber security experts to close the security breach and take additional measures so that it doesn’t happen again.” The company confirmed.
Hyatt is just the latest casualty in a long series of organizations with payment systems falling prey to malware. Hilton Worldwide, Mandarin Oriental and Starwood Hotels & Resorts Worldwide all reported being hacked in 2015.