Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - News & Analysis - Hyatt Hotels Data Breach
News & Analysis

Hyatt Hotels Data Breach

ISBuzz TeamBy ISBuzz TeamOctober 13, 2017Updated:July 8, 20243 Mins Read
Share LinkedIn Twitter Facebook Copy Link Email
cyber attack
Share
Facebook Twitter LinkedIn Email Copy Link
Quick AI Summary
ChatGPTClaudeGeminiGrokPerplexityDeepSeekCopilot

Hyatt is alerting customers about another credit card breach at some of its hotels – 41 hotels in 11 countries. This is the second major incident with the hospitality chain in as many years. Hyatt said its cybersecurity team discovered signs of unauthorised access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017. IT security experts are commented below.

Lisa Baergen, Director at NuData Security: 

“This event, through the spring and early summer of this year, seems to involve properties in every country in which Hyatt does business. The harvested customer payment card data – including expiration dates and verification codes –  is extremely valuable data that will be sold on the Dark Web or used in credit card cycling scams.  It’s also easily combined with other stolen data to build entirely new synthetic personas for all manner of fraud.

“It’s imperative that every organisation handling this level of sensitive payment and customer data consider adopting more advanced security measures in the form of multi-layered integrated solutions that include passive behavioural biometrics. The use of passive behaviour detection to immediately and transparently ascertain authentic from fraudulent customers will defy fraudsters and protect brands’ reputations, as well as their customer data.

“The travel and leisure industry – like so many consumer-facing sectors – has time and again shown itself extremely vulnerable to breaches. This latest concerning breach is just one more reason why companies such as Hyatt must adopt more advanced security and authentication measures based on trusted identity, and consumers must diligently, routinely check their credit files for suspicious credit applications and consider freezing their credit profiles.”

Raj Samani, Chief Scientist and Fellow at McAfee:

raj_samani “Another day and yet another data breach. Despite the ever increasing threat of cybercrime, it seems that many companies are still struggling to properly secure their customers’ data. While the notion of breach fatigue is very real, millions of customers will now be wondering if their personal details are in the hands of criminals – and what kind of impact that might have on them now and in future.

“All organisations, but especially those that hold personally identifiable information, must ensure their security tools are fully integrated with automated monitoring in place. Having the right combination of people, process and technology is vital to effective data protection. It’s often a case of when, not if, systems will be attacked. To stay ahead of criminals, maintain operational efficiency and boost profitability, enterprises must be able to rapidly detect a threat and correct any damage.”

Mike Patterson, Co-founder and CEO at Plixer:  

“From this breach, cybercriminals were able to steal the data required to make fraudulent purchases (cardholder names, expiration dates, and internal verification codes). Hyatt is urging all customers to monitor for fraudulent card activity, which indicates they don’t actually know whose data was stolen. Network traffic analytics and historical forensics should be deployed on every network so that when these inevitable data breaches occur, organizations can know what data was stolen and understand specifically who needs to be notified.”

.

.

Christian Lees, Chief Information Security Officer at InfoArmor:

“We continue to see threat actors specifically targeting hotels and accessible retail outlets where credit card transactions are both routine and frequent.  PII and credit card data continue to be solicited and monetized in underground communities as a simple and viable way to fund further nefarious activity.  As long as there is a market demand for this data, there will be those who will work to obtain it and profit from that activity.”

ISBuzz Team
  • ISBuzz Team
    Air Canada Data Breach: BianLian Extortion Group Claims A Massive Heist Contrary To Airline’s Earlier Statement
  • ISBuzz Team
    Unprecedented DDoS Attack Rocks The Web: Tech Giants Reveal A Digital Tsunami
  • ISBuzz Team
    CISA Flags High-Severity Adobe Acrobat Reader Flaw Amid Active Exploits
  • ISBuzz Team
    Curl Security Alert: Patching A Critical Bug Averting Potential Cyber Catastrophe

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share. Facebook Twitter LinkedIn Email Copy Link

Related Posts

Visual data is the blind spot in enterprise security: that’s about to change

May 4, 20267 Mins Read

Making stolen data worthless: why security must start with the data

March 30, 20265 Mins Read

Meta’s Smart Glasses Privacy Scandal Expands After Sama Credentials Found on the Dark Web

March 10, 20264 Mins Read
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}