Malware Found on Hyatt Hotels Payment System

According to a report by the Identity Theft Resource Center, as of December 22nd, 2015 there have been seven hundred sixty-six (766) data breaches in the United States. Unfortunately, Hyatt Hotels has joined the list of companies affected with a recent announcement that they found malware in their customer payment systems.

The breach of Hyatt’s systems comes shortly after the news that two rivals had been hit. Hilton Hotels confirmed a breach in late November, as did Starwood. In both cases, payment information, which includes credit cards numbers, cardholder names, expiration and CVV numbers, were included in the breaches. While Hilton did not say how many properties had been hacked, Starwood was much more specific and published a list with the fifty-four hotels that were affected across North America.

While this is bad news for Hyatt, the good news is that the malware was only found in the payment systems used for properties directly managed by Hyatt. Properties operated under franchise agreements (Hyatt Place/Hyatt House and some other Hyatt properties) appear to be unaffected….for now. In the mean time, Hyatt has set up a page on it’s website for customers to visit for updates and other news regarding the breach.

Hyatt Data Breach
Hyatt Data Breach

Despite a smaller footprint (627 properties), when compared to Hilton (4,200+ properties), Marriott (4,300+ properties) or Starwood (1,270+ properties), I am a big fan of the Hyatt portfolio and the Gold Passport Program. The Diamond tier, in particular, offers an excellent set of benefits, such as four confirmed suite upgrades, complimentary breakfast that works for multiple guests in a room, lounge access and more.

Hyatt Diamond Breakfast - Park Hyatt Paris
Hyatt Diamond Breakfast – Park Hyatt Paris

Although they offer an excellent loyalty program, Hyatt’s IT infrastructure leaves a lot to be desired. This thread, which dates back to 2010 and has more than eighty-four pages of posts, shows a lot of the frustration that Hyatt customers experience when interacting with the website. I can not count how many times within the past six months that I have experienced problems when making a reservation, checking my account summary or just looking at photos of a property I am interested in staying at. When I read of the news that Hyatt had been breached, my first reaction was surprise that this had not happened sooner.

Hyatt Website Error
Hyatt Website Error

Originally discovered on November 30th, it remains unclear why it took over three weeks for Hyatt to inform the public of this data breach. As we learn more, my hope is that Hyatt will follow in Hilton and Starwood’s footsteps and offer complimentary credit monitoring for those affected.

Keep an eye on InsideFlyer for more information about the breach and the steps Hyatt plans to take to (hopefully) prevent this from happening again. With the upcoming holiday, I would imagine that it will be several more days until we learn the true magnitude of this breach.

Are you worried about the malware found in Hyatt’s payment system?