Hyatt Hotels confirmed a credit card breach after discovering unauthorized access to payment card information at 41 of its properties worldwide.
The breach included cardholder name, card number, expiration date, and internal verification code for cards manually entered or swiped at the front desk of certain Hyatt-managed locations, between March 18, 2017 and July 2, 2017.
The incident was spread out across 11 countries, with many of the impacted properties located in China.
Seven U.S. locations were affected: three in Hawaii, three in Puerto Rico, and one in Guam. The Hawaiian properties affected include the Grand Hyatt Kauai Resort and Spa, Hyatt Regency Maui Resort and Spa, and the Andaz Maui at Wailea Resort. Puerto Rican locations include the Hyatt Place Bayamón, Hyatt Place Manatí, and Hyatt Place San Juan.
Other countries impacted by the breach include: South Korea, Saudi Arabia, Mexico, Malaysia, Japan, Indonesia, India, Colombia, and Brazil.
Hyatt said it completed an internal investigation after its cyber security team found signs of unauthorized access in July, caused by “an insertion of malicious software code from a third party onto certain hotel IT systems.” The hotel chain said it implemented measures designed to prevent this from happening again.
This is the second time Hyatt is rebounding from a security breach. In 2015, hackers used malware to gain access to credit card systems at 250 Hyatt properties in 50 different countries.