Cyber Incident Victim: Hyatt Hotels Corporation

Date: Apr 2015

Location: United States of America

Summary

Hyatt Hotels Corporation detected unauthorized access to a small number of its Gold Passport loyalty program accounts through compromised member usernames and passwords, prompting the hotel chain to reset passwords for all 18 million program members as a precaution. The incident, identified during routine account monitoring, did not appear to originate from Hyatt's systems, though specific login credentials were confirmed as compromised for approximately 200 customers, who received direct notifications. Members accessing accounts via usernames were required to reset their passwords to restore online access, and the company advised them to choose unique credentials that are not reused elsewhere.

Description

In April 2015, Hyatt Hotels Corporation identified unauthorized access to a limited number of accounts within its Gold Passport loyalty program during routine monitoring of member activity. The company determined that an unauthorized individual had exploited member usernames and passwords to access fewer than 200 accounts. Hyatt promptly notified these affected members about the suspicious activity and initiated measures to address their concerns. While the investigation found no evidence that login credentials were obtained through Hyatt's systems, the company reset passwords for all Gold Passport accounts accessed via usernames as a precautionary measure. This action impacted all 18 million program members, requiring them to reset their passwords before regaining online account access. Hyatt explicitly advised members to create unique password combinations not reused on other platforms as part of enhanced security protocols.

The incident response included ongoing analysis of Hyatt's systems and continuous monitoring for further anomalies. Affected members received direct communication from Hyatt outlining the unauthorized access incident, the company's investigative findings, and recommended protective actions. The hotel chain established dedicated customer support channels, including a toll-free number and local property contacts, to address member inquiries. Third-party cybersecurity experts subsequently recognized Hyatt's transparent disclosure approach, noting its clear explanation of events, detection methods, and remediation steps without alarmist language. The password reset mandate remained the primary containment measure applied universally across the loyalty program membership base, irrespective of individual account compromise status.