CHICAGO–Hyatt Hotels has provided additional details in the data breach that company said it discovered in November of 2015, and now says that malware infected 250 of its properties across 50 countries.
According to Hyatt, anyone who used a payment card at one of the affected properties last year from July 30 to Dec. 8 could be at risk. In the U.S., 100 hotels in 26 states are involved. The breach primarily occurred at restaurants inside the affected hotels, in addition to golf shops, spas, parking, and a limited number of front desks, the company said.
In the updated information it released, Hyatt said it has hired several third-party digital forensic and IT security firms to investigate. That investigation has discovered that the malware gathered up data from cards that were used on-site, rather than online, and that cardholder names, card numbers, card expiration dates as well as internal verification codes "as the data was being routed through affected payment processing systems” was captured.
It said it does not know how many customers’ cards are affected by the breach.