Hyatt Hotels Discovers Card Data Breach At 41 Properties Across 11 Countries (krebsonsecurity.com)
Hyatt Hotels has suffered a second card data breach in two years. In the first breach, hackers had gained access to credit card systems at 250 properties in 50 different countries. This time, the breach appears to have impacted 41 properties across 11 countries. Krebs on Security reports: Hyatt said its cyber security team discovered signs of unauthorized access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017. "Upon discovery, we launched a comprehensive investigation to understand what happened and how this occurred, which included engaging leading third-party experts, payment card networks and authorities," the company said in a statement. "Hyatt's layers of defense and other cybersecurity measures helped to identify and resolve the issue. While this incident affects a small percentage of total payment cards used at the affected hotels during the at-risk dates." The hotel chain said the incident affected payment card information -- cardholder name, card number, expiration date and internal verification code -- from cards manually entered or swiped at the front desk of certain Hyatt-managed locations. It added there is no indication that any other information was involved.
Re: We really need to start using Rust. (Score:3, Funny)
Agreed. Just a week ago I used Rust to reprogram my mom's pacemaker. The stupid programmers used this old outdated technique known as assembly and C. I called the company and told them that Rust would fix all the holes, even the one in my mom's heart.
Rust is such a great language, it has over 20 years in the business. No other language is as safe as Rust is. Rust stops holes before they even start. If everyone programmed in Rust there would be 0 exploits in the world. Why can't people see Rust is the best? I
Hyatt has a cyber security team (Score:2)
Solution (Score:2)
Stop collecting and storing data on your customers. If you don't have it, it can NOT be hacked.
Screw your "loyalty program", it does not come free, it's just added to the price (as is the admin for it). I am not interested in paying 15% more so I can get the 10th stay free.
If you demand my email address, you will get one. It's mine, it's legitimate, but it's ignored by me except to purge it now and again. Why? Because I have had my email address sold/given out to "select partners" too
Re: (Score:1)
That's why I use Apple Pay whenever I can. The retailer gets no information other than "paid". If I had an Android phone I would use whatever the equivalent is over there. Apple and Google have a lot less chance of being hacked, unlike the near-certainty for so many of these outfits.
Re: (Score:2)
Contactless/NFC IMHO is so easy to skim, I'd rather not have it at all.
Re: (Score:2)
PCI-DSS in a nutshell.
Re: (Score:1)
Re: (Score:2)
I would say, beware where you place insecure security cameras. Spying on your reception staff, making sure they are not doing naughty things, but don't really care who else logs into those cameras. Well, when your staff checks credit cards and flips them over in front of high definition cameras, anyone else who logs in can also watch your staff check those credit cards, and I'll bet you hooked all those security cameras up together, so head office could spy on all reception staff, all of the time, as could a
Shock! (Score:2)
Seriously, this is hardly even news any more. And that's hardly a good thing.
Microsoft Windows strikes again .. (Score:1)