430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hyatt Hotels suffered a new payment card breach, the second in two years

The Hyatt Hotels Corporation notified customers that their credit card information may have been stolen by crooks, the second time in 2 years. The Hyatt Hotels Corporation made the headlines once again, the company notified customers that their credit card information may have been stolen by crooks. The data breach affects three hotels in the United States, […]

Hyatt Hotels suffered a new payment card breach, the second in two years

The Hyatt Hotels Corporation notified customers that their credit card information may have been stolen by crooks, the second time in 2 years.

The Hyatt Hotels Corporation made the headlines once again, the company notified customers that their credit card information may have been stolen by crooks.

The data breach affects three hotels in the United States, 18 in China, four in Mexico, three in Puerto Rico, three in Saudi Arabia, three in South Korea, and facilities in Brazil, Colombia, Guam, India, Indonesia, Japan, and Malaysia.

“We understand the importance of protecting customer information and securing our systems, and we regret to inform you that we discovered signs of and then resolved unauthorized access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017. A list of affected hotels and respective at-risk dates is available here.” states the breach notification.

Hyatt Hotels card breach

According to Hyatt, crooks planted a malware on payment systems at certain hotels to harvest credit card data from guests that physically entered or swiped at some hotel front desks between March 18, 2017 and July 2, 2017.

The malicious code allowed crooks to siphon cardholder name, card number, expiration date, and internal verification code.

“Based on our investigation, we understand that such unauthorized access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems. Our enhanced cybersecurity measures and additional layers of defense implemented over time helped to identify and resolve the issue.” continues the notification.

At the time, Hyatt is not able to identify each specific payment card that may have been affected by the data breach.

“While we estimate that the incident affected a small percentage of payment cards used by guests who visited the group of affected Hyatt hotels during the at-risk time period, the available information and data does not allow Hyatt to identify each specific payment card that may have been affected,” said Chuck Floyd, global president of operations at Hyatt Hotels Corporation.

Unfortunately, this isn’t the first time the company discovered a data breach, this is the second incident in the last two years.

In January 2016, the Hyatt Hotels Corporation announced a total of 250 of its resorts were compromised in a malware-based attack in 2015, hackers stole customer payment card information.

At the time of the incident, the company announced a significant enhancement of cybersecurity measures to protect its payment systems, but the actions were obviously not enough.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Hyatt Hotels Corporation, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]