Hyatt completes investigation of 2015 cyber breach

Hyatt Hotel Corp. has completed its investigation of last year’s cyber breach, according to the Chicago-based hotel chain.

In a statement Thursday, Hyatt said its investigation of the previously announced payment card incident identified signs of unauthorized payment card data from cards used on-site and at certain Hyatt-managed locations, primarily restaurants, between Aug. 13 and Dec. 8, 2015.

A small percentage of the at-risk cards were used at spas, golf shops, parking and a limited number of front desks, or provided to the sales office during this time period, according to the statement. “The at-risk window for a limited number of locations began on or shortly after July 30, 2015,” the statement said.

Hyatt said the malware was designed to collect payment card data, including cardholder name, card number, expiration date and internal verification code, from cards used on-site as the data was routed through affected payment processing systems, and that there is no indication other customer information was affected.

A link in a letter sent to Hyatt customers lists affected Hyatt locations and respective at-risk dates.

In December, the Federal Trade Commission announced it had settled a lawsuit accusing hotel group Wyndham Worldwide Corp. of failing to properly safeguard customer information, in a case arising from three data breaches affecting more than 619,000 customers between April 2008 and January 2010.