Hyatt Suffers Another Credit Card Breach: 41 Hotels, 11 Countries

Here we go again...

Quote: Dear Hyatt Guest,

We understand the importance of protecting customer information and securing our systems, and we regret to inform you that we discovered signs of and then resolved unauthorized access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017. A list of affected hotels and respective at-risk dates is available here.

Upon discovery, we launched a comprehensive investigation to understand what happened and how this occurred, including engaging leading third-party experts, payment card networks and authorities. Based on our investigation, we understand that such unauthorized access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems. Our enhanced cybersecurity measures and additional layers of defense implemented over time helped to identify and resolve the issue. I want to assure you that there is no indication that information beyond that gained from payment cards – cardholder name, card number, expiration date and internal verification code – was involved, and as a result of implemented measures designed to prevent this from happening in the future, guests can feel confident using payment cards at Hyatt hotels worldwide.

While we estimate that the incident affected a small percentage of payment cards used by guests who visited the group of affected Hyatt hotels during the at-risk time period, the available information and data does not allow Hyatt to identify each specific payment card that may have been affected. It’s important to Hyatt that we notify guests and provide helpful information about steps they can take, and we have directly contacted all guests for whom we have appropriate contact information that checked in to an affected hotel during the at-risk dates. As always, the primary step customers can take is to review their payment card account statements closely and report any unauthorized charges to their card issuer immediately.

This incident is something we take seriously, and we are sorry for the inconvenience and concern this may cause our guests. If you have questions or would like more information, please call:

People’s Republic of China: 4001 200 597 (English/Mandarin/Cantonese) from 9AM-6PM China Standard Time
Korea: 00798 8523 8066 (English/Korean) from 9AM-6PM Korea Standard Time
Japan: 050 3822 4804 (English/Japanese) from 9AM-6PM Japan Standard Time
Europe: 0800 973 1234 (English/German/French/Italian/Spanish/Russian/Arabic/Dutch) from 9AM-6PM Central European Time
India: 1 800 122 1234 (English/Hindi/Arabic) from 9AM-6PM India Standard Time
Southeast Asia: 1 800 888 1234 (English/Tagalog/Korean) from 9AM-6PM Philippine Time
Pacific: 13 1234 (English) from 9AM-6PM Australian Eastern Standard Time
United States and Rest of World: +1 855 474 9288 (English) from 7AM-9PM U.S. Central Standard Time
United States and Rest of World: +1 402 938 3421 (English/Spanish) from 7AM-9PM U.S. Central Standard Time
Sincerely,

Chuck Floyd
Global President of Operations
Hyatt Hotels Corporation
List of impacted hotels here: https://www.hyatt.com/notice/protect...ers/hotellist/

More details: https://www.hyatt.com/notice/protectingourcustomers/
Reply
Quote: We understand the importance of protecting customer information and securing our systems
That's debatable.
Reply
To be honest... meh. Sad as it is, I've just accepted this is a fact of life now. Entire identities breached by the 100s of millions in the USA, online provider accounts breached by the billions, credit card numbers skimmed, copied, stolen by the millions. Just a thing that happens now, not unlike terrorism. Never going to stop it... that's the problem with technology and the high stakes ($$$ in this case). Just have to live your life, and when it inevitably happens, deal with it and move on.
Reply
The fact they don't give you a single list with affected hotels seems to be obfuscating which properties were hacked. It's a decent sized list.
Reply
I'm fairly certain that Hyatt Corp has had ample opportunity to get some knowledgeable people in there, to un-screw their I.T. systems. I therefore conclude that they just plain don't WANT their I.T. systems to be trouble-free.
Reply
List
Here's the list:

LOCATIONS | PROPERTY NAME | DATES AT RISK

Brazil
Sao Paulo | Grand Hyatt Sao Paulo | March 18, 2017 to July 2, 2017

China
Fuzhou | Hyatt Regency Fuzhou, Cangsan | March 18, 2017 to July 2, 2017
Guangzhou | Grand Hyatt Guangzhou | March 18, 2017 to July 2, 2017
Guangzhou | Park Hyatt Guangzhou | March 18, 2017 to July 2, 2017
Guiyang | Hyatt Regency Guiyang | March 18, 2017 to July 2, 2017
Hangzhou | Hyatt Regency Hangzhou | March 18, 2017 to July 2, 2017
Hangzhou | Park Hyatt Hangzhou | March 18, 2017 to July 2, 2017
Jinan | Hyatt Regency Jinan | March 18, 2017 to July 2, 2017
Lijiang | Grand Hyatt Lijiang | March 18, 2017 to July 2, 2017
Qingdao | Hyatt Regency Qingdao | March 18, 2017 to July 2, 2017
Sanya | Grand Hyatt Sanya Haitang Bay | March 18, 2017 to July 2, 2017
Shanghai | Andaz Xintiandi, Shanghai | March 18, 2017 to July 2, 2017
Shanghai | Grand Hyatt Shanghai | March 18, 2017 to July 2, 2017
Shanghai | Hyatt on the Bund, Shanghai | March 18, 2017 to July 2, 2017
Shanghai | Hyatt Regency Chongming | March 18, 2017 to July 2, 2017
Shanghai | Hyatt Regency Shanghai Wujiaochang | March 18, 2017 to July 2, 2017
Shenzhen | Grand Hyatt Shenzhen | March 18, 2017 to July 2, 2017
Xiamen | Hyatt Regency Xiamen Wuyuanwan | March 18, 2017 to July 2, 2017
Xi'an | Hyatt Regency Xi'an | March 18, 2017 to July 2, 2017

Colombia
 | Hyatt Regency Cartagena | March 18, 2017 to July 2, 2017

Guam
Tumon | Hyatt Regency Guam | March 18, 2017 to July 2, 2017

India
Pune | Hyatt Place Pune/Hinjawadi | March 18, 2017 to July 2, 2017

Indonesia
Bali | Grand Hyatt Bali | March 18, 2017 to July 2, 2017

Japan
Tokyo | Andaz Tokyo Toranomon Hills | March 18, 2017 to July 2, 2017

Malaysia
Kuala Lumpur | Grand Hyatt Kuala Lumpur | March 18, 2017 to July 2, 2017

Mexico
Celaya | Hyatt Place Celaya | March 18, 2017 to July 2, 2017
Playa del Carmen | Andaz Mayakoba | March 18, 2017 to July 2, 2017
Tijuana | Hyatt Place Tijuana | March 18, 2017 to July 2, 2017
Zapopan, Jalisco | Hyatt Regency Andares Guadalajara |

Puerto Rico
Dorado | Hyatt Place Bayamón | March 18, 2017 to July 2, 2017
Manatí | Hyatt Place Manatí | March 18, 2017 to July 2, 2017
San Juan | Hyatt Place San Juan | March 18, 2017 to July 2, 2017

Saudi Arabia
Holy Makkah | Jabal Omar Hyatt Regency Makkah | March 18, 2017 to July 2, 2017
Jeddah | Park Hyatt Jeddah – Marina, Club and Spa | March 18, 2017 to July 2, 2017
Riyadh | Hyatt Regency Riyadh Olaya | March 18, 2017 to July 2, 2017

South Korea
Busan | Park Hyatt Busan | March 18, 2017 to July 2, 2017
Seogwipo-Si | Hyatt Regency Jeju | March 18, 2017 to July 2, 2017
Seoul | Grand Hyatt Seoul | March 18, 2017 to July 2, 2017

United States
Koloa, HI | Grand Hyatt Kauai Resort and Spa | March 18, 2017 to July 2, 2017
Lahaina, HI | Hyatt Regency Maui Resort and Spa | March 18, 2017 to July 2, 2017
Wailea, HI | Andaz Maui at Wailea Resort | March 18, 2017 to July 2, 2017
Reply
Quote: To be honest... meh. Sad as it is, I've just accepted this is a fact of life now. Entire identities breached by the 100s of millions in the USA, online provider accounts breached by the billions, credit card numbers skimmed, copied, stolen by the millions. Just a thing that happens now, not unlike terrorism. Never going to stop it... that's the problem with technology and the high stakes ($$$ in this case). Just have to live your life, and when it inevitably happens, deal with it and move on.
Then you should leave your front door and car doors unlocked and accept that burglary and theft are a fact of life now.
Reply
Quote: I'm fairly certain that Hyatt Corp has had ample opportunity to get some knowledgeable people in there, to un-screw their I.T. systems. I therefore conclude that they just plain don't WANT their I.T. systems to be trouble-free.
Oh, I am sure they want it. They are either not willing to pay for it (those free water bottles for elites don't pay for themselves) or they are plain incompetent. My guess is it's the latter (Hanlon's razor).

But hey, good news for me - I didn't have any stays with Hyatt during that period. At all.
Reply
Quote: unauthorized access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017
Guesswork follows. March 18 is probably when they installed a "new" procedure to handle credit cards at the front desk. July 2 is probably when they abandoned the "new" procedure because they discovered that it is not secure.

I'm not sure which story is more jaw-dropping. "Thieves steal Credit Card info from Hyatt" ... or "Hyatt stores unencrypted Credit Card info at the individual hotel level". Unencrypted Credit Card Info should never be stored on local servers, ever.

Honestly, there are so many services to process credit card transactions securely. It just blows the mind to think that a multi-national corporation would intentionally plan and install an insecure service, and then take 3.5 months to realize their blunder.
Reply
Quote: The fact they don't give you a single list with affected hotels seems to be obfuscating which properties were hacked. It's a decent sized list.

Hyatt has published a list

https://www.hyatt.com/notice/protect...ers/hotellist/
Reply
Quote: Then you should leave your front door and car doors unlocked and accept that burglary and theft are a fact of life now.
Yes, and in the virtual world pretty much everyone's door is unlocked after all the recent breaches... or, as a better analogy, keys to everyone's door are available and you can't change the locks...
Reply
Quote: Hyatt has published a list

https://www.hyatt.com/notice/protect...ers/hotellist/
When I click on the link, I only get a pulldown menu where you have to select each country and hit enter. So not a single easy-to-view list.
Reply