Security Week: Hyatt Hotels Hit by Another Card Breach

October 13, 2017 — Hyatt Hotels Hit by Another Card Breach

Lisa Baergen, director at NuData, comments on the news of Hyatt Hotels informing customers this week that their credit card information may have been stolen by cybercriminals.

Chicago-based hotel operator Hyatt Hotels Corporation informed customers this week that their credit card information may have been stolen by cybercriminals. This is the second data breach discovered by the company within a period of two years.

The incident affects three hotels in the United States (all in Hawaii), three in Puerto Rico, 18 in China, four in Mexico, three in Saudi Arabia, three in South Korea, and one each in Brazil, Colombia, Guam, India, Indonesia, Japan and Malaysia.

According to Hyatt, malware planted by cybercriminals on certain hotel IT systems harvested information from payment cards manually entered or swiped at some hotel front desks between March 18, 2017 and July 2, 2017.

The malware was designed to steal data such as cardholder name, card number, expiration date, and internal verification code. No other information appears to have been compromised.

“The harvested customer payment card data – including expiration dates and verification codes – is extremely valuable data that will be sold on the Dark Web or used in credit card cycling scams. It’s also easily combined with other stolen data to build entirely new synthetic personas for all manner of fraud,” explained Lisa Baergen, marketing director at NuData Security.

“The travel and leisure industry – like so many consumer-facing sectors – has time and again shown itself extremely vulnerable to breaches,” Baergen added. “This latest concerning breach is just one more reason why companies such as Hyatt must adopt more advanced security and authentication measures based on trusted identity, and consumers must diligently, routinely check their credit files for suspicious credit applications and consider freezing their credit profiles.”

For the complete article, go here.