Malware again checks into Hyatt's hotels, again checks out months later with victims' credit cards

Hyatt grievance, see?

Hyatt

Hyatt has provided the perfect excuse for folks trying to explain to bosses or spouses why a film they watched in their hotel room for just seven minutes appeared on their company or personal credit card.

Its computer systems were earlier this year hacked by miscreants, who infected payment terminals with malware that siphoned off people's credit card numbers to the scumbags. These details could be used to clone cards and go on spending sprees online, and basically rack up bills on someone else's dime.

In a statement today, the chain admitted that between March 18 and July 2, 41 of its hotels in about a dozen countries were infiltrated by the software nasty. There's a list here. The majority of the infected locations are in China and elsewhere in Asia, although three Hyatt hotels in Hawaii were also hit.

The chain said it can't tell exactly whose card data was slurped. Hyatt staff have advised those who have stayed in the affected hotels to check their credit card statements carefully.

"We understand that such unauthorized access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems," Chuck Floyd, global president of operations, said in a statement.

Hotel scene - suitcase propped up against freshly made bed. Image by Shutterstock

Secret shaggers, rejoice! Now you can blame that Hyatt credit card bill on hackers

READ MORE

"I want to assure you that there is no indication that information beyond that gained from payment cards – cardholder name, card number, expiration date and internal verification code – was involved, and as a result of implemented measures designed to prevent this from happening in the future, guests can feel confident using payment cards at Hyatt hotels worldwide."

So that's it, nothing to worry about. The hackers only got just enough information to copy your credit cards, with verification numbers, and go wild online to potentially knacker your credit ratings. And Hyatt has implemented measures to stop it happening again.

Which is odd, because that's pretty much what it said in December 2015 when the same thing happened – even reusing the website hyatt.com/notice/protectingourcustomers from that security breach for this latest cockup. Back then, Chuck offered similar platitudes to affected customers.

"Protecting customer information is critically important to Hyatt, and we take the security of customer data very seriously," he said. Based on today's news it's back to the drawing board. ®


Biting the hand that feeds IT © 1998–2017