BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Card Breach Affects 250 Hyatt Hotels Worldwide

From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Fri, 15 Jan 2016 09:06:23 -0600
http://www.securityweek.com/card-breach-affects-250-hyatt-hotels-worldwide

*Following an investigation into a breach
<http://www.securityweek.com/hyatt-hotels-finds-malware-payment-systems> of
its payment processing systems, Chicago-based hotel operator Hyatt Hotels
has determined that the incident affects 250 hotels worldwide.*

According to the company, the investigation revealed
<http://www.hyatt.com/protectingourcustomers/faq/> unauthorized access to
data associated with payment cards used at Hyatt-managed locations, mainly
restaurants, between August 13, 2015 and December 8, 2015. Hyatt says a
small percentage of the exposed cards were used at golf shops, spas,
parking, front desks, or had been provided to sales offices.

For a limited number of locations, attackers might have breached systems on
or shortly after July 30, 2015.

The hotels hit by the breach are located in Argentina, Armenia, Aruba,
Australia, Austria, Azerbaijan, Brazil, Cambodia, Canada, Chile, China,
Costa Rica, Egypt, France, Germany, Greece, Guam, Hong Kong, India,
Indonesia, Italy, Japan, Jordan, Macau, Malaysia, Maldives, Mexico,
Morocco, Nepal, Netherlands, the Mariana Islands, Oman, Panama,
Philippines, Puerto Rico, Qatar, Russia, Saudi Arabia, Serbia, Singapore,
South Africa, South Korea, Switzerland, Taiwan, Tajikistan, Tanzania,
Thailand, Trinidad and Tobago, Turkey, Ukraine, UAE, the UK, the US, and
Vietnam.

The highest number of affected locations are in China (22 hotels), India
(20 hotels) and the United States (99 hotels). Only the Hyatt Regency in
Boston is listed as being impacted since July 30.

Hyatt said the malware found on its systems was designed to collect
cardholder names, card numbers, expiration dates and internal verification
codes. The malware collected the data as it passed through infected payment
processing systems. There is no evidence that other customer information
has been compromised, the hotel operator said.

Hyatt noted that it has notified appropriate country and state regulators,
and it has been working with the FBI to investigate the incident. The
company is working on notifying affected customers via snail mail and
email. Customers for whom Hyatt does not have any contact information are
advised to check the list of affected hotels
<http://www.hyatt.com/protectingourcustomers/hotellist/> to determine if
they are impacted.

Affected individuals have been offered one year of free fraud protection
services via CSID.

“Though it is common to see malware capture credit cards at the time of the
swipe, in this instance, the malware collected card data while it was being
routed through the affected payment processing systems, according to
Hyatt’s statement,” said Brad Cyprus, chief of security and compliance at
Netsurion, a provider of remotely-managed security services for
multi-location businesses.

“2016 is picking up right where we left off last year, with more evidence
of the IT security threat the hospitality industry is facing. In the New
Year, these businesses, from individually owned hotels to large, national
chains, should resolve to strengthen security postures. For many, the best
way to accomplish that goal is to partner with a managed data and network
security provider,” Cyprus said in an emailed statement.

The list of hotel operators targeted by cybercriminals last year
includes Mandarin
Oriental Hotel Group
<http://www.securityweek.com/mandarin-oriental-hotels-hit-credit-card-breach>,
White Lodging Services
<http://www.securityweek.com/hotel-operator-white-lodging-struck-again-pos-attack>,
Trump Hotel Collection
<http://www.securityweek.com/trump-hotels-investigating-possible-card-breach>,
Hilton <http://www.securityweek.com/hilton-hotels-hit-cyber-attack>
and Starwood
Hotels
<http://www.securityweek.com/starwood-hotels-says-payment-systems-were-hacked>
.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.
Previous By Date Next
Previous By Thread Next

Current thread: