On December 23, 2015, Hyatt Hotels (Hyatt) reported that it was investigating cyberattacks that caused data breaches at its properties from August 13 to December 8, 2015. The investigation has revealed that hackers infected with malware Hyatt computers that process card payments in an attempt to steal the credit card information of hotel customers and guests. The attacks were mostly concentrated on payments processed at hotel restaurants, although Hyatt issued a warning that some “of the at-risk cards were used at spas, gift shops, parking, and a limited number of front desks” during this time period.
Overall, the global data breach affected 250 hotels in about 50 countries. According to news reports, U.S.-based hotels were not spared, with nearly one hundred of the affected hotels located in 25 states and the District of Columbia. In response to this incident, Hyatt Hotels has taken measures to strengthen its cybersecurity and has provided a phone line for customers who may have questions about the breach. As of yet, there have been no reports of litigation associated with this breach.
While the Hyatt data breach attracted news headlines because of its vast scope, data breaches are becoming a common and ever-increasing problem for companies of all sizes and across all sectors doing business in the digital age. Companies should consider investing in reasonable cybersecurity, developing effective data security and privacy policies, and implementing data breach response protocols.