The Chicago-based Hyatt Hotels Corporation said it identified signs of data theft from payment cards used at some 250 Hyatt-managed locations – primarily restaurants – in 50 countries from August through December 2015.
Malware reportedly intercepted payment card data, such as cardholder names, card numbers, expiration dates and internal verification codes, from information routed through affected payment card processing systems used onsite.
Hyatt also revealed a small percentage of the at-risk cards during this period completed transactions at spas, golf shops, parking lots and some hotel front desks and sales offices. The at-risk window for this limited number of locations began on or shortly after July 30, 2015.
"Protecting customer information is critically important to Hyatt, and we take the security of customer data very seriously," Chuck Floyd, global president of operations for Hyatt, said in a letter posted to the hotel's corporate website. "We have been working tirelessly to complete our investigation, and we now have more complete information that we want to share so that customers can take steps to protect themselves. Additionally, we want to assure customers that we took steps to strengthen the security of our systems in order to help prevent this from happening in the future."
The list of affected locations includes more than 100 properties in the U.S.
"Though it is common to see malware capture credit cards at the time of the swipe, in this instance, the malware collected card data while it was being routed through the affected payment processing systems, according to Hyatt's statement," Brad Cyprus, chief of security and compliance at the Houston-based cybersecurity company Netsurion, said.
Cyprus added, "2016 is picking up right where we left off last year, with more evidence of the IT security threat the hospitality industry is facing. In the New Year, these businesses, from individually owned hotels to large, national chains, should resolve to strengthen security postures. For many, the best way to accomplish that goal is to partner with a managed data and network security provider."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
