Hyatt Hotels Corporation has informed customers of a potential breach involving the theft of credit card numbers and other sensitive data following the detection of malware on their payment processing systems. The company announced this alarming discovery on a recent Wednesday, stating that they found malware on the computers managing transactions at Hyatt-managed locations.
“We recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations,” the announcement emphasized. The company indicated that upon discovering the malware, an immediate investigation was initiated, enlisting the expertise of third-party cybersecurity specialists to address the issue.
Despite acknowledging the malware presence, Hyatt has not confirmed whether any credit card information was successfully accessed by the attackers. Furthermore, the company did not disclose the duration of the malware infection or the total number of hotel properties that might be impacted by this security breach. However, the nature of the malware suggests a significant risk of potential data compromise.
The discovery was made on November 30, but there has been no clear explanation regarding the delay of more than three weeks before the incident was publicly reported. As a leading global hospitality entity with a portfolio of 627 properties across 52 countries, the potential scale of affected customers remains unidentified.
Hyatt’s response to the security threat has included launching a thorough investigation and enhancing its security protocols to mitigate future risks. In tandem, the hotel chain has urged customers to diligently review their payment card statements for any unauthorized activity, advising them to report suspicious transactions immediately. The company seeks to reassure customers, indicating they can feel confident using their payment cards at Hyatt hotels worldwide.
This incident places Hyatt among several other hotel brands, including Hilton and Starwood, that have recently reported similar cybersecurity challenges involving malware infiltrating their payment systems. Cybersecurity experts note that tactics often employed in such breaches may relate to initial access through phishing or exploitation of vulnerabilities, followed by techniques such as credential dumping and data theft, as outlined in the MITRE ATT&CK framework. Given the scale of Hyatt’s operations, business owners should remain vigilant and proactive in addressing potential cybersecurity risks as similar patterns may emerge in the hospitality sector.
Found this article interesting? Follow us on Google News, Twitter, and LinkedIn to read more exclusive content we post.
