Hackers managed to compromise payment cards used at 250 Hyatt Hotels locations in around 50 countries after infecting the company's payment processing systems with malware.
Hyatt announced the data breach back in December and launched an investigation. On Thursday, it published the full list of affected locations and the time interval during which the payment cards were exposed: Aug 13. to Dec. 8.
Most of the potentially compromised cards were used at restaurants in the affected locations, but a small percentage were used at spas, golf shops, parking systems, front desks and sales offices.
The malware installed on the company's computers was designed to capture payment card details like cardholder names, card numbers, expiration dates and verification codes when passed from the affected locations to the payment processing systems.
The company is in the process of sending notification letters to customers for whom it has physical mailing addresses and via email to others. Affected customers will be offered a one-year subscription to identity and fraud protection services provided by US-based CSID for free.
Hyatt has worked with third-party cybersecurity experts to close the security breach and take additional measures so that it doesn't happen again.
The company is the latest in a long string of organizations whose payment systems were infected with malware in recent years. Other companies from the hospitality industry that suffered similar breaches include Hilton Worldwide, Mandarin Oriental and Starwood Hotels & Resorts Worldwide.
Sign up for CIO Asia eNewsletters.