"Upon discovery, we launched a comprehensive investigation to understand what happened and how this occurred, which included engaging leading third-party experts, payment card networks and authorities".
It should be noted that this is now the second time in two years that the Hyatt chain has been hacked.
There is no word yet on how many people this affects, but the hotel chain estimates it only impacted "a small percentage of payment cards used by guests who visited the group of affected Hyatt hotels during the at-risk time period".
It said that there had been "unauthorised access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations" between 18 March and 2 July 2017. "Our enhanced cybersecurity measures and additional layers of defence implemented over time helped to identify and resolve the issue".
Hyatt Hotels Corp. has proven that the adage "once bitten, twice shy" is inaccurate after revealing that its payment system was hacked and customer data such as credit card details were stolen.
In total, 41 hotels are affected, nearly half of which are in China. "Several interesting things include the location of affected hotels, specifically China and the fact that the infection point was from 'cards manually entered or swiped at the front desk'".
Hyatt isn't the only hotel chain being affected as InterContinental Hotels Group, Hard Rock Hotels and Casinos franchise, and the Travel services company Sabre Corp. all reported breaches of their systems. Fortunately, none of the Hyatt properties in the United Kingdom were breached in 2015 or this year.
"As a result of implemented measures created to prevent this from happening in the future, guests can feel confident using payment cards at Hyatt hotels worldwide", he said in the new statement this week. In April, UK-based InterContinental Hotels Group announced that between September 29 and December 29 of a year ago, hackers stole a large number of customer card details from a number of its locations by hacking into IHG's payment servers. In July, the California-based Wilshire Law Firm filed a proposed class-action lawsuit in a federal district court against Sabre Corp. for the eight-month-long data breach of its Synxis Central Reservation System. "Adversaries would call the front desk complaining of an issue and send an email with 'supporting information",' said Stephen Moore, chief security strategist at Exabeam.
'Alternatively, physical access could have resulted in a similar initial infection, using old methods such as "may I use your computer?" then compromising the system, or even tossing about malware laden USB drives that security unaware staff foolishly plug into their computers, ' he added.