Hyatt Payment Card Security Notice
Friday, January 15, 2016
MESSAGE FROM GLOBAL PRESIDENT OF OPERATIONS
Hyatt completes payment card incident investigation
Dear Hyatt Guest,
Protecting customer information is critically important to Hyatt. We have been working tirelessly tocomplete our previously announced investigation regarding malware that targeted payment card data used atHyatt-managed locations. We now have more complete information we want to share so that you can take steps to protect yourself.
The investigation identified signs of unauthorized access to payment card data from cards used onsite at certain Hyatt-managed locations, primarily at restaurants, between August 13, 2015 and December 8, 2015.A small percentage of the at-risk cards were used at spas, golf shops, parking, and a limited number of frontdesks, or provided to a sales office during this time period. The at-risk window for a limited number of locations began on or shortly after July 30, 2015.
The malware was designed to collect payment card data – cardholder name, card number, expiration date and internal verification code – from cards used onsite as the data was being routed through affected payment processing systems. There is no indication that other customer information was affected.
The list of affected Hyatt locations and respective at-risk dates is available at www.hyatt.com/protectingourcustomers. Additionally, for at-risk transactions where a cardholder’s name was affected, we are in the process of mailing letters to customers for whom we have a mailing address and sending emails to customers for whom we only have an email address.
We worked quickly with leading third-party cyber security experts to resolve the issue and strengthen the security of our systems in order to help prevent this from happening in the future. We also notified lawenforcement and the payment card networks. Please be assured that you can confidently use payment cards at Hyatt hotels worldwide.
Most importantly, we encourage you to remain vigilant and to review your payment card account statements closely. You should report any unauthorized charges to your card issuer immediately. Speak to your card issuer for details because, while card issuers’ policies related to fraud may vary, payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner.
Additionally, Hyatt has arranged for CSID to provide one year of CSID’s Protector services to affected customers at no cost to them. CSID is one of the leading providers of fraud detection solutions andtechnologies. In order to activate CSID’s Protector coverage, affected customers in the U.S. may visit www.csid.com/hyatt-us and affected customers outside the U.S. may visit www.csid.com/hyatt-intl to complete a secure sign up and enrollment process.
If you have questions or would like more information, please call 1-877-218-3036 (U.S. and Canada) or +1-814-201-3665 (International) from 7 a.m. to 9 p.m. EST.
Please be assured that we take the security of customer data very seriously. We deeply regret the inconvenience and any concern this may have caused you.
Global President of OperationsHyatt Hotels Corporation