So credit karma poses more risk? When I don't even have to give them my credit card? What BS. I don't know what you been smokin, but I think they sell it legally now in Colorado. :D

I'm not affected but I want free credit monitoring by posing as a victim

Credit Karma does not ask you to give DOB or SSN over the phone to an agent.

You might consider reading posts before responding with snarkiness that suggests you didn't read or do not understand.

So...did Hyatt ever publish a list of properties affected?

This is a totally general statement and in most cases, false.

OK, fine. This is a separate statement from the first sentence. Has nothing to do with Hyatt. Hyatt was a data breach in which someone hacked into their system. Nobody on the phone, nobody giving out social security numbers.

That remains to be seen.

How do we know that someone "hacked into their system"? All we've heard is that they "recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations" That could have happened by a Hyatt staff member using those computers to browse unsavory sites...

No. Having a human handle key information like DOB or SSN is always a security risk. Such information should always be encrypted. That's why these credit monitoring "services" are themselves often a honeypot and a target.

Beware of these services.

This is a totally general statement and in most cases, false.

I think you are misleading people. We are talking about bad guys possibly hacking into our Hyatt accounts. That is the issue. That is the story. We are not talking about giving out our D/O/B or our social security numbers to credit monitoring services. Don't change the subject of the post. The information that may be subject to a hack would have been contained in our Hyatt accounts.

We accept your public service message not to give out our D/O/B and SS# over the phone, specifically to credit monitoring services - but in reality you should never give out this information over the phone to anybody. Most people know that. Thank you for your concern.

"Customers encouraged to review payment card account statements closely"

They can soften the wording as much as they want, it's still a hack.

You seem new to these issues.

The standard remedy after a hack is to offer "free credit monitoring" from one of about four services. Three of these services have security practices so lax that they likely create more problems than they solve.

I'm posting this so that those whose accounts are affected are careful to not accept such remedies. I've been through this three times this year.

You need to understand what's happening AND what's about to happen.

You're welcome Mr. Baloney.

That is quite unlikely. The payment server isn't someone's desktop that gets used for surfing the web. Chances are in doesn't even have a browser installed.

OK, thank you for the information. Although I disagree with mostly everything you say except - "nobody should give out personal information over the phone." We agree on this one. Again, thank you for the public service announcement.

1 - So far, Hyatt has not been very forthcoming. So why assume anything? Why assume that they will give "free credit monitoring??"

2 - Second, I've had free credit monitoring now for about 5 years - from at least four (4) different companies. I've had no issues whatsoever.

3 - Third, I've never had to give out my social security number OR d/o/b over the phone in order to get these services.

4 - Fourth, if what you say is true and these credit monitoring services are so, sooooo vulnerable and not trustworthy - they would be out of business by now.

So - I appreciate your input, and I will consider it, but I don't agree with a lot of what you say (just being honest). I think maybe you just like using the term "honeypot?" :rolleyes:

Um... but if the malware is where the PMS software is, the credit card is swiped and passed onto the software usually unencrypted unfortunately. It's worse when the PMS software is hosted (like Micros Opera in the cloud which a lot of Hyatts + other chains have... and I manage).

It's funny because even PMS installers will refuse to store CC #s at any property because they know how insecure most systems are from top to bottom.

Chip and Sig/PIN is supposed to change that (with one time auth tokens) but the tech to deploy it isn't easy and very immature to deploy it on any scale (and Oracle is making a mess with Micros which doesn't help things in terms of interfaces).

Still not too happy that Hyatt is not making the investigation any more transparent.

And they could at least give us a list of the properties in question. We don't even get that much. Or maybe (worse yet) they have no idea.

I'm somewhat of a newcomer to Hyatt properties and gave them a bunch of business literally the day before this was announced (no, I didn't snag Diamond for free like a lot of people, they just have the best locations for these particular stays).

All the stays are fully refundable and I'm contemplating cancelling but as BillyBaloney has mentioned, it would help if they gave any information beyond 'insert corporate bs jargon here'. I'm considering cancelling purely on the basis of the contemptuous manner in which they're handling this but they've got the lack of availability in other properties on my list working in their favour right now.