Cyber Incident Victim: Hyatt Hotels Corporation

In late 2015, Hyatt Hotels Corporation publicly disclosed a cybersecurity incident involving malware on computers supporting payment processing systems at Hyatt-managed properties. The company detected unauthorized activity on its network and promptly initiated an investigation with assistance from third-party cybersecurity experts. While the investigation remained ongoing at the time of the December 23, 2015 announcement, Hyatt confirmed the malware specifically targeted systems handling customer payment card data. The company implemented immediate security enhancements across its infrastructure but did not specify technical details about the malware's functionality or duration of network presence. Affected properties included the Grand Hyatt Goa in India, though the full scope of impacted locations worldwide was not disclosed in the initial notification.

Hyatt established a dedicated informational webpage (hyatt.com/protectingourcustomers) and telephone hotlines to address customer concerns, advising payment card users to vigilantly monitor account statements for unauthorized transactions. The company emphasized standard cardholder protections against fraudulent charges when promptly reported to financial institutions. Corporate headquarters in Chicago coordinated the response, which included containment measures and system security reinforcement across Hyatt's global portfolio of 627 properties in 52 countries. No specific data compromise figures or attacker attribution details were provided in the disclosure. The investigation continued beyond the initial announcement with commitments to post updates through the designated web portal as new information became available.