The Hyatt hotel chain has revealed that a wide ranging security breach has affected guests at almost half its hotels over the course of six months. Compromised card payment systems in 318 of its 627 hotels, including those in the US, UK, Canada and Australia, put the data of thousands of customers at risk.
The cyber breach took place between August and December last year, and featured malware designed to collect payment card data – cardholder name, card number, expiration date and internal verification code – from cards used onsite.
Chuck Floyd, Hyatt’s global president of operations, advised guests to review their payment card account statements closely. Additionally, Hyatt has arranged to provide one year of CSID’s Protector services for fraud detection to affected customers at no cost.
In the past, the Hilton, Starwood, Mandarin Oriental, White Lodging and Trump Collection hotel chains have all suffered similar security breaches.
Mark Greisinger, of cyber risk management firm NetDiligence, which works with insurance companies to help manage clients’ risk, told Insurance Business that it’s typical that there is a certain amount of latency, where damage is hidden or has gone under the radar and may not even be detected for years. “A bad guy could have been in the network for years and years undetected and could have been doing damage every day,” he said.
Greisinger said that brokers are the driving force in educating their customers about gaps in cyber cover. “It’s now well known that cyber is not covered under general insurance. So brokers are going even further now and recognising a lot of difference in the cover being offered, so they can help the customer navigate the waters and get the right cover.”