Hyatt is alerting customers about another credit card breach at some of its hotels – 41 hotels in 11 countries. This is the second major incident at the hospitality chain in as many years. Hyatt said its cybersecurity team discovered signs of unauthorised access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017. IT security experts commented below.
“This event, through the spring and early summer of this year, seems to involve properties in every country in which Hyatt does business. The harvested customer payment card data – including expiration dates and verification codes – is extremely valuable data that will be sold on the Dark Web or used in credit card cycling scams. It’s also easily combined with other stolen data to build entirely new synthetic personas for all manner of fraud.
“It’s imperative that every organisation handling this level of sensitive payment and customer data consider adopting more advanced security measures in the form of multi-layered integrated solutions that include passive behavioural biometrics. The use of passive behaviour detection to immediately and transparently ascertain authentic from fraudulent customers will defy fraudsters and protect brands’ reputations, as well as their customer data.
“The travel and leisure industry – like so many consumer-facing sectors – has time and again shown itself extremely vulnerable to breaches. This latest concerning breach is just one more reason why companies such as Hyatt must adopt more advanced security and authentication measures based on trusted identity, and consumers must diligently, routinely check their credit files for suspicious credit applications and consider freezing their credit profiles.”
“Another day and yet another data breach. Despite the ever increasing threat of cybercrime, it seems that many companies are still struggling to properly secure their customers’ data. While the notion of breach fatigue is very real, millions of customers will now be wondering if their personal details are in the hands of criminals – and what kind of impact that might have on them now and in future.
“All organisations, but especially those that hold personally identifiable information, must ensure their security tools are fully integrated with automated monitoring in place. Having the right combination of people, process and technology is vital to effective data protection. It’s often a case of when, not if, systems will be attacked. To stay ahead of criminals, maintain operational efficiency and boost profitability, enterprises must be able to rapidly detect a threat and correct any damage.”
“From this breach, cybercriminals were able to steal the data required to make fraudulent purchases (cardholder names, expiration dates, and internal verification codes). Hyatt is urging all customers to monitor for fraudulent card activity, which indicates they don’t actually know whose data was stolen. Network traffic analytics and historical forensics should be deployed on every network so that when these inevitable data breaches occur, organizations can know what data was stolen and understand specifically who needs to be notified.”
Christian Lees, Chief Information Security Officer at InfoArmor:
“We continue to see threat actors specifically targeting hotels and accessible retail outlets where credit card transactions are both routine and frequent. PII and credit card data continue to be solicited and monetized in underground communities as a simple and viable way to fund further nefarious activity. As long as there is a market demand for this data, there will be those who will work to obtain it and profit from that activity.”