Hyatt names hotels affected by payment information malware

Another hotel chain has been hit by a large malware attack, and this time it’s the Hyatt Hotels chain.

The hotel giant has published a list of its hotels across the globe affected by a malware infection that exfiltrated payment card information including cardholder names, card numbers, and expiration dates.

And, yes, before you ask, the chain is offering one year’s free protection to those affected.

In a statement posted earlier this week, the Chicago-based chain said an “investigation identified signs of unauthorized access to payment card data from cards used onsite at certain Hyatt-managed locations, primarily at restaurants, between August 13, 2015 and December 8, 2015.”

The statement continued: “The malware was designed to collect payment card data – cardholder name, card number, expiration date and internal verification code – from cards used onsite as the data was being routed through affected payment processing systems. There is no indication that other customer information was affected.”

A list of the affected locations is available here:

The usual spiel

A data breach notification letter wouldn’t be complete without the usual “we care for our customers’ security” and Hyatt’s announcement stays true to that. Their statement, available here, starts with “Protecting customer information is critically important to Hyatt”.

Obviously not important enough.

This article will continue to be updated as more information becomes available. Subscribe to our Daily Sentinel to ensure you don’t miss out on any updates.



  1. Engr. Muhammad Naeem AKhtar January 18, 2016
  2. Steve Byrne January 18, 2016