Hyatt Hotels breach


On December 23, 2015, Hyatt Hotels reported that it was investigating cyberattacks that caused data breaches at its properties from August 13 to December 8, 2015.

Announced on: December 23, 2015

Description of breach: Hackers infected Hyatt computers that process card payments with malware in an attempt to steal the credit card information of hotel customers and guests. The attacks were mostly concentrated on payments processed at hotel restaurants, although Hyatt issued a warning that some “of the at-risk cards were used at spas, gift shops, parking, and a limited number of front desks” during this time period. (Source)

Information exposed: Cardholder names, card numbers, expiration dates and verification codes

Affected customers: The global data breach affected 250 hotels in about 50 countries. Nearly 100 of the affected hotels located in 25 states and the District of Columbia between Aug. 13, 2015 and Dec. 8, 2015.

Official information from Hyatt:

Help for victims: Hyatt has provided a phone line for customers who may have questions about the breach. 1-877-218-3036 (U.S. and Canada) or +1-814-201-3665 (International) from 7 a.m. to 9 p.m. EST.

Hyatt has arranged for CSID to provide one year of CSID’s Protector services to affected customers at no cost to them. CSID is one of the leading providers of fraud detection solutions and technologies. In order to activate CSID’s Protector coverage, affected customers in the U.S. may visit and affected customers outside the U.S. may visit to complete a secure sign up and enrollment process. 

List of affected hotels

More coverage of the breach: eSecurityPlanet