US based hotelier group Hyatt has released a list of hotels at which customers may have had their bank card information hacked. Malware was planted on the computers which Hyatt uses to process bank card payments made at its own hotels, but not franchised ones.
A statement released on behalf of Chuck Floyd, Hyatt’s world operations director, said 250 of the hotels it manages directly were affected. Hotels on the list are in locations as far apart as the UK, the US and Indonesia.
The statement said the malware was on the payments system from 30 July until 8 December 2015. It noted that the virus had lain undiscovered for four months, but cyber experts had now plugged the leak.
Mr Floyd explained that the malware had accessed the names of cardholders, card numbers and the dates cards expired. He said payments customers made by card at reception desks, onsite restaurants and spas, charged car parks and shops could all have been compromised.
He continued by saying that Hyatt patrons needed to keep a close eye on their statements and immediately report any suspicious transactions. He finished off with the claim that the leak had been plugged and customers need not be afraid of their details being illegally accessed.
After news of the hacking broke, Hyatt teamed up with CSID to provide cardholders with free card fraud protection for one year. Hyatt currently boasts a collection of 627 hotels. The group manages 318 of them and the rest are run under franchises.