UPDATED 23:34 EST / OCTOBER 12 2017

INFRA

Credit card details stolen in a second hack of Hyatt hotels

Hyatt Hotels Corp. has proven that the adage “once bitten, twice shy” is inaccurate after revealing that its payment system was hacked and customer data such as credit card details were stolen.

It was the latest significant hack to target the hotel chain since its last data breach in December 2015.

Hyatt fully disclosed the hack and its details, saying that it involved “unauthorized access” to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18 and July 2. The Hyatt hotels affected span the globe, with the majority, 18, located in China but also including Hyatt properties in Southeast Asia, South America and the United States.

“Based on our investigation, we understand that such unauthorized access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems,” Chuck Floyd, Hyatt’s head of global operations said in a statement. “Our enhanced cybersecurity measures and additional layers of defense implemented over time helped to identify and resolve the issue.”

Steve Moore, vice president and chief security strategist at Exabeam Inc., praised Hyatt for its public disclosure, adding that the fact that they discovered the breach themselves was a positive.

“I credit them first for self-discovery,” he said. “Several interesting things include the location of affected hotels, specifically China and the fact that the infection point was from ‘cards manually entered or swiped at the front desk.'”

Explaining the likely attack vector, Moore added that “in several public cases, adversaries will call the front desk complaining of an issue and send an email with supporting information, containing VBScript or macros that download malware and continue with password stealing and enabling remote desktop access. Alternatively, physical access could have resulted in a similar initial infection: old methods such as ‘may I use your computer’ or tossing about malware-laden USB drives.”

Image: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU