October 13, 2017//Ellen NeveuxLast Updated: April 16, 2021
It was reported this week that Hyatt Hotels suffered another major data breach, the second in two years.
Attackers targeted the organization’s front desk Point-of-sale systems. When Hyatt’s security team noticed unauthorized access to payment card information, they saw that manually entered or swiped cards were the cause of the breach.
Hyatt’s global president of operations, Chuck Floyd offered a statement to provide updates on their investigation. He confirmed that data stolen included the cardholder’s name, card number, expiration date and verification code. He notes that personal information was not compromised.
The breach occurred between March 18 and July 2 of this year. It wasn’t as far reaching as Hyatt’s 2015 attack that impacted 250 hotels – but this one still hit 41 facilities across 11 countries.
Floyd added: “Based on our investigation, we understand that such unauthorized access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems. Our enhanced cybersecurity measures and additional layers of defense implemented over time helped to identify and resolve the issue.”
This incident underscores the importance of internal security policies, comprehensive training at all levels, and powerful monitoring.
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.