Hyatt’s cyber security team discovered signs of and then resolved unauthorized access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017. Upon discovery, we launched a comprehensive investigation to understand what happened and how this occurred, which included engaging leading third-party experts, payment card networks and authorities. Hyatt’s layers of defense and other cybersecurity measures helped to identify and resolve the issue. While this incident affects a small percentage of total payment cards used at the affected hotels during the at-risk dates, it’s important to Hyatt that we notify guests and provide helpful information about steps they can take. A list of affected hotels and respective at-risk dates is available at www.hyatt.com/protectingourcustomers.
The incident affected payment card information – cardholder name, card number, expiration date and internal verification code – from cards manually entered or swiped at the front desk of certain Hyatt-managed locations. There is no indication that any other information was involved.
The list of affected Hyatt locations and respective at-risk dates is available here.
While this incident affects a small percentage of guests, it’s important to Hyatt that we notify guests and provide helpful information about steps they can take. We have directly contacted all guests for whom we have appropriate and reliable contact information that used payment cards at affected hotels during the at-risk dates. We do not have appropriate contact information for all guests, so we have also posted this notice with a list of affected hotels and respective at-risk dates.
Please refer to your account statements to see if you used a payment card at one of the affected hotels during a relevant time period. If you believe your payment card was affected or you see any unusual activity on your account statement, you should immediately contact your financial institution.
Working with our leading third-party cyber security experts, we have resolved the issue and implemented additional security measures to strengthen the security of our systems. Customers can confidently use payment cards at Hyatt hotels worldwide.
As always, the primary step customers can take is to review their payment card account statements closely and report any unauthorized charges to their card issuer immediately. Speak to your card issuer for details because, while financial institutions’ policies related to fraud may vary, payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner.
Customers with questions may visit www.hyatt.com/protectingourcustomers or call: