Hyatt Corp., hotel guests are being warned of a credit card breach, the second since December 2015. On Thursday, the hotelier identified 41 of its hotels spread across 13 countries where it confirmed unauthorized access to payment card information.
China is the hardest hit by the breach with 18 hotels impacted. Three U.S. hotels were part of the breach and were each located in Hawaii. Hyatt properties in India, Japan and Saudi Arabia were also impacted.
Hyatt said affected guests are those who had their credit cards manually entered or swiped at the front desk at breached locations between March 18 and July 2.
“Based on our investigation, we understand that such unauthorized access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems,” wrote Chuck Floyd, global president of operations for Hyatt Hotels Corporation, in an open letter to customers posted to its website. “I want to assure you that there is no indication that information beyond that gained from payment cards—cardholder name, card number, expiration date and internal verification code—was involved.”
Floyd said the breaches only impacted “a small percentage of payment cards used by guests who visited the group of affected Hyatt hotels during the time period.” Nevertheless, he assured Hyatt customers that as a result of the attack, Hyatt had implemented measures designed to prevent future attacks. “Guests can feel confident using payment cards at Hyatt hotels worldwide,” he said.