Data Breach
#31
Join Date: Sep 2000
Location: Los Angeles, CA,
Programs: Hilton Diamond, IHG Diamond, Hertz President Circle, Copaair Presidential, and Southwest A-List
Posts: 587
The news is reporting that Hyatt was aware of the breach last month and only just now decided to release the breach of data information.
Hmm....then there is this system maintenance.
Hmm....then there is this system maintenance.
#32
Join Date: Oct 2015
Location: next to HAM
Programs: LH M+M
Posts: 960
http://newsroom.hyatt.com/news-releases?item=123450
Allegedly the 'security experts' are FireEye.
Experts.. http://googleprojectzero.blogspot.de...ect-zeros.html
Fight fire with Fire?
Allegedly the 'security experts' are FireEye.
Experts.. http://googleprojectzero.blogspot.de...ect-zeros.html
Fight fire with Fire?
#34
I'm not a lawyer though. And this doesn't even come close to discussing ethics.
Edit: Quartz is saying it was identified 11/30.
Last edited by United747; Dec 25, 2015 at 9:44 am Reason: See above
#35
Join Date: Jan 2002
Location: Atlanta, GA
Programs: DL DM & 5MM, WN
Posts: 1,451
The website version of the press release is undated. No date range of suspected tampering is given. No list of affected hotels is given. No notice to Gold Passport members.
A horrible PR effort, all in all.
A horrible PR effort, all in all.
#36
Suspended
Join Date: Nov 2010
Posts: 1,677
This has caused me to reevaluate Hyatt as a company and not because of the hack. It is how they handled it. I still can't get into my account. I couldn't get in since the "upgrade" maintenence. Every time I called, all they wanted me to do was to request a temporary password. Nobody would even listen to me that the system was recognizing the temporary password but still would not let me in. I'm one of the unlucky ones that seems permanently locked out. The twitter team was also a joke as far as help goes.
I have a stay coming up with Hyatt next week. If I can't get into my account by Monday afternoon, I will call and cancel. I've already booked at a Doubletree as backup, which will suit my needs for this trip. I'll be damned if I willfully give them my business now that they haven't told us a damn thing about what is going on. Yes, I found out from the news. And all the time I thought it was "maintenence."
Ask yourself - would any sane company pick Christmas and New Years to do website maintenence? They knew. And they tried to keep it quiet rather than tell us.
#37
Join Date: Dec 2014
Location: U.K and USA
Programs: Amex Platinum, AA Platinum, Air France Platinum for Life,
Posts: 50
Maybe the system maintenance was a way of verifying the extent of the hack. They obviously wouldn't have wanted to release the news to the public without knowing the full extent of the breach.
#38
FlyerTalk Evangelist
Join Date: Nov 2000
Location: Nashville -Past DL Plat, FO, WN-CP, various hotel programs
Programs: DL-MM, AA, SW w/companion,HiltonDiamond, Hyatt PLat, IHF Plat, Miles and Points Seeker
Posts: 11,072
We have some 20+ different credit cards. And, stupidly, many have the same passwords and ID. We will get hacked at some point, but will just use a different card. I am planning to travel with at least 6 different cards on our upcoming trip.
#39
Join Date: Sep 2000
Location: Los Angeles, CA,
Programs: Hilton Diamond, IHG Diamond, Hertz President Circle, Copaair Presidential, and Southwest A-List
Posts: 587
As reported, Hyatt became fully aware of the hacks. It was not "suspected" by Hyatt, but confirmed.
I assume that the system maintenance was to put new security measures in place to reduce the situation.
It would have been nice to just come come upfront and say that there has been a security breach and we are working on resolving the situation.
Rather it has been less than transparent from Hyatt, and even now as it has already been confirmed by other sources, Hyatt has yet to directly reach out to its customers to inform them of the potential damage.
I guess I can see why they would be hesitant to share the info for fear of losing potential business due to people being afraid of others getting access to their personal info if booked/reserved with Hyatt.
I am no security expert on proper protocol for handling data breach, but as a customer, I just want a vendor with whom I do business with to be transparent as much and as soon as possible when security breach has occurred.
I assume that the system maintenance was to put new security measures in place to reduce the situation.
It would have been nice to just come come upfront and say that there has been a security breach and we are working on resolving the situation.
Rather it has been less than transparent from Hyatt, and even now as it has already been confirmed by other sources, Hyatt has yet to directly reach out to its customers to inform them of the potential damage.
I guess I can see why they would be hesitant to share the info for fear of losing potential business due to people being afraid of others getting access to their personal info if booked/reserved with Hyatt.
I am no security expert on proper protocol for handling data breach, but as a customer, I just want a vendor with whom I do business with to be transparent as much and as soon as possible when security breach has occurred.
#41
Join Date: Jul 2013
Posts: 1,872
Wow Hyatt , not even an email to your customers about the data breach? And what about your website and the app? The mobile App hasn't been working for months.
#42
Join Date: Jun 2013
Posts: 2,363
I am convinced that I am a victim of this breach. My chase sapphire pref was cloned and was used for fraudulent activity this week. It was used to make purchases in Chicago, where I have stayed MANY times at multiple Hyatts using my sapphire pref
#43
Join Date: May 2007
Location: London and Madrid
Programs: BA Gold, UA 2MM, Hyatt Globalist, Columbia Record & Tape Club Triple Diamond VIP
Posts: 580
This is what happened to United...
#44
Join Date: Jul 2004
Location: ORD
Programs: AA PLT, UA Silver, EK Gold, Hilton Diamond, Global Entry, Clear
Posts: 1,082
#45
Join Date: May 2007
Location: London and Madrid
Programs: BA Gold, UA 2MM, Hyatt Globalist, Columbia Record & Tape Club Triple Diamond VIP
Posts: 580
For those who care to know about such things, the "credit monitoring" services often pose as much or more risk to you than the company whose poor security allowed the breach.
Never give your SSN over the phone, a basic rule of thumb that eliminates the two companies who were to "monitor" my credit after the Anthem and United breaches.
Unfortunately, this is likely the beginning, not the end of trouble from this incident.
Never give your SSN over the phone, a basic rule of thumb that eliminates the two companies who were to "monitor" my credit after the Anthem and United breaches.
Unfortunately, this is likely the beginning, not the end of trouble from this incident.