Hyatt's investigation into the malware attack carried out on computers that operate the hotel chain's payment processing system, suggests up to 250 hotels in 50 countries around the globe were infected. The affected Hyatt hotels include ones in the US, UK, China, Canada, India, Japan, Italy and France.
The hospitality giant says that since the news broke out about attack emerged, it had worked with the cybersecurity experts to resolve the issue and strengthen the security of its network in order to withstand such attacks in future. It also assures that customers can now "confidently use payment cards at Hyatt hotels worldwide".
Although there are no details the malware used and how harmful it is, Hyatt said that it identified the malicious software in late November 2015. Having being made aware the company launched an investigation immediately, which suggested that unauthorised access had been granted to payments cards used at Hyatt hotels between 13 August and 8 December 2015. Although the attack began in some locations on 30 July.
The malware was designed to collect data such as cardholders' names, and card numbers, expiry dates and internal verification codes used at Hyatt sites. The hotel chain says a small percentage of the cards used at spas, golf shops, parking and front desks or the ones provided to the firm's sales office were at risk.
Hyatt has provided the list of its hotels that were affected by the malware targeting the payment card data. It is also informing consumers whose transactions were at risk.
In a statement Chuck Floyd, global president of operations at Hyatt Hotels, said that the firm "worked quickly with leading third-party cybersecurity experts to resolve the issue and strengthen the security of our systems in order to help prevent this from happening in the future. We also notified law enforcement and the payment card networks. Please be assured that you can confidently use payment cards at Hyatt hotels worldwide".
Hyatt advised users to be vigilant and review payment card account statements and to report any unauthorised charges to their cards' issuers immediately. Meanwhile, Hyatt has also arranged for CSID – which offers fraud detection services – to offer one year of its CSID Protector services to affected customers for free.