Hyatt Hotels Corp. reported late last week that it had found malware on the computers that operates the company's payment processing systems and is now conducting an investigation to discover the extent of the breach.
The malware targeted information stored on the payment cards, including cardholder names, payment card numbers, internal verification codes and expiration dates and only affected Hyatt-managed properties, not franchise locations, a Hyatt spokesperson told SCMagazine.com via email correspondence on Monday.
The malware was discovered on Nov. 30 as part of normal IT operations, the spokesperson said.
It is unclear how many people were affected, how long the malware was active or what kind of information was compromised, if any, but Hyatt has contacted third-party cyber security experts to examine the incident, according to a release. The spokesperson said more information will be released upon completion of the investigation.
“We have taken steps to strengthen the security of our systems, and customers can feel confident using payment cards at Hyatt hotels worldwide,” the company said on its website.
However, Kane Hardy, vice president– EMEA at Hexis Cyber Solutions said that organizations should instead acknowledge a constant state of compromise and that it's too late to call a cybersecurity expert to investigate a breach after the damage is done, in comments emailed to SCMagazine.com on Monday.
“By taking a next generation approach to integrated network and endpoint threat verification with automated persistent response, organizations can better mitigate threats before data loss occurs,” Hardy said.
Customers are advised to review their payment card accounts for fraudulent activity and are free to contact Hyatt if they have any questions concerning the breach. Hyatt Hotels Corporation could not be reached for comment.