Date: 2015-12-24
(Adds that Hyatt hired FireEye to perform forensics)
By Jim Finkle and Radhika Rukmangadhan
Dec 23 Hyatt Hotels Corp said on Wednesday
that its payment processing system was infected with
credit-card-stealing malware in an attack discovered three weeks
ago, the latest in a series of breaches at hospitality firms.
Company spokeswoman Stephanie Sheppard said in an email late
on Wednesday that the attack was discovered on Nov. 30.
She did not say if the attackers succeeded in stealing
payment card numbers, how long its network was infected or how
many of the chain's 627 hotels were affected.
"Customers should review their payment-card account
statements closely and report any unauthorized charges to their
card issuer immediately," she said.
Hyatt, controlled by the billionaire Pritzker family, is
the fourth major hotel operator to warn of a breach since
October.
Hilton Worldwide Holdings Inc and Starwood Hotels &
Resorts Worldwide Inc last month disclosed attacks on
payment processing systems. Donald
Trump's luxury hotel chain, Trump Hotel Collection, also
confirmed the possibility of a data security incident.
FireEye Inc said that Hyatt had hired it to help
the company investigate the attack. FireEye's Mandiant unit is
one of the biggest providers of response services to companies
that are victims of cyber attacks.
Representatives at a Hyatt call center set up to handle
inquiries about the breach said the malware was programmed to
collect payment cardholder names, card numbers, expiration dates
and internal verification codes.
"We have taken steps to strengthen the security of our
systems," Sheppard said in the email. "Customers can feel
confident using payment cards at Hyatt hotels worldwide."
Hyatt did not disclose the type of malware used in the
attack.
The company said that customers should look for information
on the attack at www.hyatt.com/protectingourcustomers.
Cyber intelligence firm iSight Partners in late November
warned merchants about a new strain of payment-card-stealing
malware dubbed ModPOS that it said evades almost all security
software.
iSight held briefings with dozens of firms, including
hospitality companies and retailers, to provide them with
information on how to uncover ModPOS infections.
(Reporting by Radhika Rukmangadhan in Bengaluru and Jim Finkle
in Boston; Editing by Sriraj Kalluvila and Sandra Maler)