The news is reporting that Hyatt was aware of the breach last month and only just now decided to release the breach of data information.

Hmm....then there is this system maintenance.

http://newsroom.hyatt.com/news-releases?item=123450

Allegedly the 'security experts' are FireEye.
Experts.. http://googleprojectzero.blogspot.de...ect-zeros.html

Fight fire with Fire?:rolleyes:

Generally they don't have a choice as this type of remediation is required by the card organizations (i.e. Visa/MC) in the event of a breach.

I don't think there is any rule, per se, saying that they have to notify customers in any period of time. But the SEC may think it is material.

I'm not a lawyer though. And this doesn't even come close to discussing ethics.

Edit: Quartz is saying it was identified 11/30.

The website version of the press release is undated. No date range of suspected tampering is given. No list of affected hotels is given. No notice to Gold Passport members.

A horrible PR effort, all in all.

Yup.

This has caused me to reevaluate Hyatt as a company and not because of the hack. It is how they handled it. I still can't get into my account. I couldn't get in since the "upgrade" maintenence. Every time I called, all they wanted me to do was to request a temporary password. Nobody would even listen to me that the system was recognizing the temporary password but still would not let me in. I'm one of the unlucky ones that seems permanently locked out. The twitter team was also a joke as far as help goes.

I have a stay coming up with Hyatt next week. If I can't get into my account by Monday afternoon, I will call and cancel. I've already booked at a Doubletree as backup, which will suit my needs for this trip. I'll be damned if I willfully give them my business now that they haven't told us a damn thing about what is going on. Yes, I found out from the news. And all the time I thought it was "maintenence."

Ask yourself - would any sane company pick Christmas and New Years to do website maintenence? They knew. And they tried to keep it quiet rather than tell us.

Maybe the system maintenance was a way of verifying the extent of the hack. They obviously wouldn't have wanted to release the news to the public without knowing the full extent of the breach.

I have no idea of the situation (like most everyone here), but it would be difficult to release anything until you have a reasonable idea what they hell actually happened. If everyone made announcements of "suspected" hacks, we would stop reading about them.

We have some 20+ different credit cards. And, stupidly, many have the same passwords and ID. We will get hacked at some point, but will just use a different card. I am planning to travel with at least 6 different cards on our upcoming trip.

As reported, Hyatt became fully aware of the hacks. It was not "suspected" by Hyatt, but confirmed.

I assume that the system maintenance was to put new security measures in place to reduce the situation.

It would have been nice to just come come upfront and say that there has been a security breach and we are working on resolving the situation.

Rather it has been less than transparent from Hyatt, and even now as it has already been confirmed by other sources, Hyatt has yet to directly reach out to its customers to inform them of the potential damage.

I guess I can see why they would be hesitant to share the info for fear of losing potential business due to people being afraid of others getting access to their personal info if booked/reserved with Hyatt.

I am no security expert on proper protocol for handling data breach, but as a customer, I just want a vendor with whom I do business with to be transparent as much and as soon as possible when security breach has occurred.

Agree.

Wow Hyatt , not even an email to your customers about the data breach? And what about your website and the app? The mobile App hasn't been working for months.

I am convinced that I am a victim of this breach. My chase sapphire pref was cloned and was used for fraudulent activity this week. It was used to make purchases in Chicago, where I have stayed MANY times at multiple Hyatts using my sapphire pref

This is what happened to United...

Hyatt continues to disappoint... :td:

For those who care to know about such things, the "credit monitoring" services often pose as much or more risk to you than the company whose poor security allowed the breach.

Never give your SSN over the phone, a basic rule of thumb that eliminates the two companies who were to "monitor" my credit after the Anthem and United breaches.

Unfortunately, this is likely the beginning, not the end of trouble from this incident.