Hyatt, the Chicago-headquartered hotel chain said on Wednesday that its payment processing system was infected with credit-card-stealing malware in an attack discovered three weeks ago. This is the latest in a series of cyber-attacks at hospitality firms, including Hilton Worldwide, Mandarin Oriental, and Starwood Hotels & Resorts Worldwide.
“As soon as Hyatt discovered the activity, the company launched an investigation and engaged leading third-party cyber security experts,” Hyatt wrote in a statement.
FireEye Inc said that Hyatt had hired it to help the company investigate the attack. FireEye’s Mandiant unit is one of the biggest providers of response services to companies that are victims of cyber-attacks.
Representatives at a Hyatt call center set up to handle inquiries about the breach said the malware was programmed to collect payment cardholder names, card numbers, expiration dates and internal verification codes.
“We have taken steps to strengthen the security of our systems,” Sheppard said in the email. “Customers can feel confident using payment cards at Hyatt hotels worldwide.”
Hyatt did not disclose the type of malware used in the attack.
The company said that customers should look for information on the attack at www.hyatt.com/protectingourcustomers.
The company cautioned that guests should review their credit-card account statements carefully and report any unauthorized charges immediately.
