Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Businesses Privacy Security The Almighty Buck

Hyatt Hotels Discovers Card Data Breach At 41 Properties Across 11 Countries (krebsonsecurity.com) 20

Hyatt Hotels has suffered a second card data breach in two years. In the first breach, hackers had gained access to credit card systems at 250 properties in 50 different countries. This time, the breach appears to have impacted 41 properties across 11 countries. Krebs on Security reports: Hyatt said its cyber security team discovered signs of unauthorized access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017. "Upon discovery, we launched a comprehensive investigation to understand what happened and how this occurred, which included engaging leading third-party experts, payment card networks and authorities," the company said in a statement. "Hyatt's layers of defense and other cybersecurity measures helped to identify and resolve the issue. While this incident affects a small percentage of total payment cards used at the affected hotels during the at-risk dates." The hotel chain said the incident affected payment card information -- cardholder name, card number, expiration date and internal verification code -- from cards manually entered or swiped at the front desk of certain Hyatt-managed locations. It added there is no indication that any other information was involved.

Hyatt Hotels Discovers Card Data Breach At 41 Properties Across 11 Countries

Comments Filter:
  • Here's the solution.
    Stop collecting and storing data on your customers. If you don't have it, it can NOT be hacked.

    Screw your "loyalty program", it does not come free, its just added to the price (as is the admin for it). I am not interested in paying 15% more so I can get the 10th stay free.
    If you demand my email address, you will get one, its mine, its legitimate, but its ignored by me except to purge it now and again. Why, because I have had my email address sold/ given out to "select partners" too
    • Stop collecting and storing data on your customers. If you don't have it, it can NOT be hacked.

      That's why I use Apple Pay whenever I can. The retailer gets no information other than "paid". If I had an Android phone I would use whatever the equivalent is over there. Apple and Google have a lot less chance of being hacked, unlike the near-certainty for so many of these outfits.

      • Call me old fashioned, but i either use cash, Paypal or chip-and-pin. If you don't take one of those, you don't get my business.

        Contactless/NFC IMHO is so easy to skim, i'd rather not have it at all.
    • by rtb61 ( 674572 )

      I would say, beware where you place insecure security cameras. Spying on your reception staff, making sure they are not doing naughty things but don't really care who else logs into those cameras. Well, when you staff checks credit cards and flips them over in front of high definition cameras, any one else who logs in, can also watch your stuff check those credit cards and I'll bet you hooked all those security cameras up together, so head office could spy on all reception staff, all of the time, as could a

  • Multinational company gets hacked. Loses millions of peoples personal details. More at 11.

    Seriously, this is hardly even news any more. And that's hardly a good thing.
  • That article, a bit short on actual technical details :)

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...