Over the holidays, Hyatt quietly disclosed that there was a security breach at its hotels and restaurants; today, we’ve learned the incident affected 250 hotels in approximately 50 countries, with the greatest risk of exposure taking place in the hotels’ restaurants.
The hack is the latest in a string of data security attacks carried out at hotel chains in recent months; Starwood recently reported a breach at 54 of its hotels and Hilton also dealt with a similar situation, though it didn’t disclose the related numbers. Hyatt’s breach is perhaps one of the largest in scope, as it represents nearly 40 percent of their entire portfolio of properties across the globe.
According to Hyatt, the affected customers made purchases at hotel restaurants, spas, golf shops, front desks, parking lots, or sales offices between the dates of August 13 and December 8, 2015. As far as what information was compromised, Global President of Operations Chuck Floyd said: “The malware [used by cyberthieves] was designed to collect payment card data—the cardholder name, card number, expiration date and internal verification code—from cards used onsite.“
When it comes to the information that hotels store about their guests—things like minibar preferences, favorite drinks, room preferences, and home addresses—Hyatt says there’s no need to worry about leaks. “There is no indication that other customer information was affected,” said Floyd.
If you’re concerned that your data was hacked, here are a few steps you should take as immediate precautions:
- Look over your bank and credit card statements. Report any fraudulent charges to your issuer right away.
- Check to see if your hotel was affected. Hyatt has been refreshingly transparent about the situation by posting a list here.
- Even if you haven’t been the victim of fraud yet, keep monitoring those bills. Some breaches can go undetected for a year or longer, if the cyberthieves are especially sneaky.
- Follow your bank’s advice about freezing or closing any affected accounts. Normally, the first thing you want to do as a victim of cybertheft is freeze or close any potentially affected accounts, but since hackers have theoretically had your information for a while now, you can consult your credit card issuer for situation-specific advice.
- Sign up for CSID Protection. Hyatt will cover the cost for one year if you were affected by the breach. Find more details here.