Just before Christmas, Hyatt Hotels announced that it had become the latest hotel chain to become the victim of a data breach joining Starwood Hotels, Hilton Hotels and Trump Hotels who all announced recently that their hotel chains had been the victims of data breaches in which the personal information of their customers was stolen by unknown hackers. At this point in time, although Hyatt has confirmed that its payment processing system was infected with malware, it has not yet determined how long the data breach has been going on, which of its 627 hotels were affected and what specific information was stolen. The data breach was discovered by Hyatt on November 30th, but it did not alert the public of the data breach until December 23rd. Hyatt is still investigating the data breach and will release more information as it becomes known.
Two of the main reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards. Regulations effective October 1, 2015 mandate credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment. If smart EMV chip cards had been used at Hyatt hotels, the information that it appears may have been stolen in such a hacking would have been worthless, but since they still used the old fashioned magnetic strip cards, Hyatt and its customers face financial problems from this data breach. Target, which learned its lesson the hard way has already switched to the new EMV chip cards as has WalMart.
Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted a year ago, continue to occur again and again. As for us, as consumers, the best we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases. In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.
Certainly if you have been a Hyatt customer within the past year, you should carefully review your credit and debit card statements for indications of identity theft and fraudulent charges. Hyatt will be posting updates on its investigation on the website http://www.hyatt.com/protectingourcustomers/ You also can call Hyatt at 877-218-3036.