14 DAY TRIAL // Just before Christmas 2015, international hotel chain Hyatt Hotels announced a card breach, but kept mum on the details. Following an internal investigation, the company has now provided a more in-depth look at what happened during the past year.
According to a press release put out by the hotel chain's management, the security specialists brought in to investigate the incident confirmed initial reports of a malware infection on the PoS system.
Hyatt Hotels says that 250 of its 625+ hotel properties were affected, in all the 54 countries it operates in. The hardest hit was the US with 99 hotels, China with 22, and India with 20.
Hotel representatives say the malware was spotted on PoS systems as early as July 30, 2015, but these seem to be the first points of infection. For most hotels, the malware was present on their systems between August 13, 2015, and December 8, 2015.
Malware found in the hotels' restaurant PoS system
Hyatt representatives say the PoS malware had collected information like the cardholder's name, card number, expiration date and internal verification code.
In most situations, the malware infection was found on the PoS systems of the hotel's restaurant, but there were cases where the malware was also discovered on the PoS systems installed at spas, golf shops, parking, and a limited number of front desks.
“2016 is picking up right where we left off last year, with more evidence of the IT security threat the hospitality industry is facing. In the new year, these businesses, from individually owned hotels to large, national chains, should resolve to strengthen security postures," said Brad Cyprus, chief of security and compliance at Netsurion, a provider of remotely-managed security services for multi-location businesses. "For many, the best way to accomplish that goal is to partner with a managed data and network security provider."
The full list of affected hotels and their respective at-risk dates can be found on Hyatt's website.