Hotel Attacks

24 December 2015…not terrorism, but a common attack issue: Hyatt is hacked!

24 December 2015… (maybe) not terrorism, but a common attack issue: Hyatt is hacked!

On 24 December, the BBC reported that Hyatt discovered malware on its payment processing system, which impacts 318 of its 627 properties. The former properties Hyatt manages directly. Franchisers manage the others.

Chuck Floyd, President of Global Operations at Hyatt, said the company had repaired the problem and was urging customers to monitor their financial statements for fraud and the like.

The company was tightlipped about any potential damage done, but it did say that it had hired outside consultants to strengthen its cyber security – reportedly FireEye and its Mandiant unit.

Reuters says that Hyatt discovered the attack on 30 November, and that it was the fourth major hotel chain to have been hit by cyber attack since October this year. The other victims include Hilton, Starwood, and Trump Hotel Collection.

Hyatt set up a website for customers explaining the attack and mitigation options: A MESSAGE FROM OUR GLOBAL PRESIDENT OF OPERATIONS

The Hyatt cyber attack represents an obvious and growing trend: the international business community – hotels certainly included – is inexorably linked via the Internet, and hackers, be they criminal or terrorist, are hunting for opportunities to cause mayhem and steal money. Hotels are clearly in their crosshairs.

Furthermore, in the same way that terrorists see hotels as soft targets that reap sensational headlines and heavy damages/high casualties, hackers see hotels as ideal poaching grounds to ply their expertise. Hotels process thousands upon thousands of payments on a daily basis, and once hackers breach their cyber defenses, they can gain access to these payment processes and to the people making these payments – specifically, their personal and financial data. A single breach, then, can have a geometric and inordinate impact on hotel patrons, not to mention a hotel’s brand/reputation, which can equate to business losses.

Combatting hackers requires that hotels not only to have cutting edge defenses, it also demands they stay on top of evolving threats and hacking techniques. For certain, Ben Franklin’s adage about being prepared applies here: An once of prevention is worth a pound of cure.

Sources and further reading:

Hyatt hotel visitors hit by payments system hack,” BBC, 24 December 2015.

Hyatt Hotels attacked with payment-card stealing malware,” Reuters, 24 December 2015.

Copyright © Muir Analytics 2015