This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. For an explanation of our Advertising Policy, visit this page.
In what’s becoming a regular occurrence at Hyatt, the hotel chain has once again suffered a security breach in which customer credit card data was accessed by unauthorized parties. The affected data includes names, card numbers, expiration dates and verification codes from credit cards swiped or manually entered at 41 Hyatt properties in 11 countries.
The company’s Global President of Operations, Chuck Floyd, published a letter to the chain’s customers stating that the breach occurred between March 18 and July 2, 2017, and was caused by malicious software code being placed onto the hotels’ IT systems. “There is no indication that information beyond that gained from payment cards – cardholder name, card number, expiration date and internal verification code – was involved,” wrote Floyd in his letter.
The majority of hotels on the list are outside the US, but three Hyatt properties in Hawaii — the Grand Hyatt Kauai, the Hyatt Regency Maui, and the Andaz Maui — were involved in the breach, along with three other Hyatts in Puerto Rico and one in Guam. The largest set of impacted hotels were in China, with 18 Hyatt properties having suffered from unauthorized credit card access, including the Andaz Shanghai and the Park Hyatt Guangzhou. A complete list of all 41 affected hotels can be found here.
This is the third time in as many years that Hyatt hotels have been affected in a credit card security incident. In December 2015, the chain announced it had found malware in its payment processing system, impacting a large number of its hotels. Then in August 2016, Hyatt was one of several hotel chains — along with Starwood, Marriott and IHG — involved in a security breach at 20 properties owned by HEI Hotels & Resorts and managed by the various brands.
Hyatt isn’t offering any credit monitoring or compensation to its customers, since, according to Floyd, the company is unable to determine which cards may have been affected. But as always, your best defense against fraud is to regularly check your credit card statements to be sure you can identify all the charges posted to your account, and to immediately contact your bank if you see anything amiss. As long as you inform your financial institution in a timely manner of any charges you didn’t make, you shouldn’t be responsible for unauthorized transactions on your account.
“We understand the importance of protecting customer information and securing our systems,” wrote Floyd. “This incident is something we take seriously, and we are sorry for the inconvenience and concern this may cause our guests.”
Know before you go.
News and deals straight to your inbox every day.
NEW INCREASED OFFER: 60,000 Points
TPG'S BONUS VALUATION: $1,200
CARD HIGHLIGHTS: 2X points on all travel and dining, points transferrable to over a dozen travel partners
- Earn 60,000 bonus points after you spend $4,000 on purchases in the first 3 months from account opening. That's $750 toward travel when you redeem through Chase Ultimate Rewards®
- Chase Sapphire Preferred named "Best Credit Card for Flexible Travel Redemption" - Kiplinger's Personal Finance, June 2018
- 2X points on travel and dining at restaurants worldwide & 1 point per dollar spent on all other purchases.
- No foreign transaction fees
- 1:1 point transfer to leading airline and hotel loyalty programs
- Get 25% more value when you redeem for airfare, hotels, car rentals and cruises through Chase Ultimate Rewards. For example, 60,000 points are worth $750 toward travel
- No blackout dates or travel restrictions - as long as there's a seat on the flight, you can book it through Chase Ultimate Rewards