Hyatt Hotels Suffers Another Card Breach

Cornelia Mascio
October 14, 2017

Hyatt Hotels Corp said on Thursday it had discovered unauthorized access to payment card information at certain Hyatt-managed locations worldwide between March 18, 2017 and July 2, 2017.

Hyatt Hotels Corp. has proven that the adage "once bitten, twice shy" is inaccurate after revealing that its payment system was hacked and customer data such as credit card details were stolen.

The compromised customer information included cardholder names, card numbers, expiration dates and internal verification codes.

"Upon discovery, we launched a comprehensive investigation to understand what happened and how this occurred, which included engaging leading third-party experts, payment card networks and authorities," says the firm on its FAQ page.

Did you stay at a Hyatt earlier this year? "Our enhanced cybersecurity measures and additional layers of defense implemented over time helped to identify and resolve the issue." We have directly contacted all guests for whom we have appropriate and reliable contact information that used payment cards at affected hotels during the at-risk dates. Fortunately, none of the Hyatt properties in the United Kingdom were breached in 2015 or this year.

The breach affected 41 facilities across 11 countries: the US, Brazil, China, Colombia, Guam, India, Indonesia, Japan, Malaysia, Mexico, Puerto Rico, Saudi Arabia and South Korea. Back in 2015, hackers were able to access credit card systems at 250 Hyatt hotels across 50 countries for as long as four months without being detected. In April, UK-based InterContinental Hotels Group announced that between September 29 and December 29 of last year, hackers stole a large number of customer card details from a number of its locations by hacking into IHG's payment servers.

Hyatt claimed they had 'taken steps to strengthen the security of its systems, and customers can feel confident using payment cards at Hyatt hotels worldwide,' according to Threatpost. Organized crime groups (most notably the Carbanak gang) have been targeting customer service and reservations specialists at various hospitality chains with tailored social engineering attacks that involve well-aged fake companies and custom malware.

In October 2015 the Trump Hotel Collection confirmed a breach of its payment systems. "Adversaries would call the front desk complaining of an issue and send an email with 'supporting information,'" said Stephen Moore, chief security strategist at Exabeam.

The problem started at the front desk, reportedly, so is likely to be a point of sale problem. "That Hyatt has said this is a 'front desk' breach lends credibility to this attack vector."
