Skip to main content
  1. Home
  2. Computing
  3. News

Hyatt joins growing list of high-end hotel groups hit by hackers

By

hyatt joins growing list of high end hotel groups hit by hackers
Niloo138/123RF
Another day, another hack on a high-end hotel group.

Hyatt Hotel on Wednesday warned customers to check their credit and debit card bills for suspicious transactions after it discovered malware on computers that operate its payment processing systems.

The hotel group, which runs about 600 properties around the world, said it dealt with the security breach as soon as it was spotted, and reassured customers that they can once again “feel confident using payment cards” at Hyatt-operated locations, including restaurants, cafes, bars, and stores inside its hotels. An investigation into the incident is ongoing.

There were few details about the breach in both the official press release and in a message to customers posted online. However, in cases involving malware on point-of-sale systems, criminals can often grab data such as cardholder names, payment card numbers, security codes, and expiration dates.

It’s not clear when the breach started, or even when it was noticed. We’ve reached out to Hyatt for more information and will update if we hear back.

Hyatt is the latest in a growing list of high-end hotel groups to be targeted by cybercriminals planting malware on payment processing systems. Just last month Hilton revealed it’d been hit by hackers in two attacks that lasted a total of 17 weeks.

The Trump hotel chain also recently confirmed a year-long data hack, while in March the Mandarin Oriental group said it’d discovered malware attacks at a number of its hotels around the world.

Data stolen in point-of-sale raids like this often ends up being traded on illicit hacking forums, with buyers of the stolen data using it to purchase goods online or withdraw money from bank accounts.

As ever, customers are advised to keep an eye on their payment card bills and to contact their bank or card provider immediately if they spot any unusual transactions.

[Update:] Stephanie Sheppard, Hyatt’s manager of corporate communications, contacted DT to say the malware was detected on November 30, but didn’t say why it took so long to inform customers. Sheppard said more details will be released once the investigation is complete, adding that updates on the case will be posted here.

Topics
Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more