Hyatt Hotels has released more details on the data breach the hotel chain initially reported last month.
While the company discovered the breach in November, it now knows — thanks to a recent investigation — that the breach occurred during Aug. 13-Dec. 8. The breach impacted 250 hotels in approximately 50 countries.
The company revealed that there was a breach to payment card data from cards used at various locations during those dates.
While a majority of the card data breaches occurred at the restaurants in the hotel, some incidents occurred at the hotels’ spas, gold shops, parking facilities and the front desks. The company also admitted that some of the breaches occurred at the sales office.
“As soon as we discovered the activity, we launched an investigation and engaged leading third-party cybersecurity experts,” Hyatt Hotels Global President of Operations Chuck Floyd said in December.
Stephanie Sheppard, a spokeswoman for Hyatt Hotels, said the credit card-stealing malware attack was discovered on Nov. 30 but the company was unable to confirm how many of the hotel chain’s locations were impacted, how long its network was left vulnerable and if any payment card data was actually stolen.
The data breach at Hyatt Hotels is just the latest in a string of recent cyberattacks on businesses within the hospitality industry.
Just last month, the world’s largest hotel company, Starwood Hotels & Resorts, announced some of its hotel locations were hit by a malware attack. That breach enabled unauthorized parties to gain access to sensitive information, such as payment card number, cardholder name, security code and expiration date.
Trump Hotels, Hilton Hotels, Mandarin Oriental Hotel Group and hotel management group White Lodging Services have all reported and investigated breaches to their payment and/or point-of-sale systems this year.