Australian Hyatt guests at risk from payment system malware infection

Guests at Hyatt hotels in Australia may be at risk of having their credit card details stolen, thanks to information-stealing malware infecting the lodging chain's payment processing systems.

Last week, Hyatt disclosed its hotels across Australia were affected by the payments system malware infection.

The issue specifically affects the Park Hyatt in Sydney, Grand Hyatt and Park Hyatt in Melbourne, the Hyatt Regency in Perth, and the Hyatt Hotel in Canberra.

Credit and debit card transactions processed between August 14 and December 9 last year are at risk, the hotel chain said.

Overall, 250 Hyatt hotels in around 50 countries were affected by the payments system malware, with the window of risk starting around July 30 last year.

Hyatt said the malware was mostly found in payments systems in hotel restaurants. A small percentage of at-risk cards were used at spas, golf shops, parking and a limited number of front desks, it said.

The hotel chain first warned of the malware activity on Christmas Eve and said it had commenced an investigation into the breach. It has sent letters and emails to affected cardholders.

Hyatt did not say how many cards and guests were captured in the malware data breach, but advised customers to check their statements and contact their card issuers if any suspicious activity is noted.

The hotel said the unnamed malware collected cardholder names, card numbers, expiration dates and internal verification codes.

How Hyatt's payments processing systems were infected worldwide, or who the hotel chain believes is behind the information theft, was not disclosed.

Several other well-known hotel chains such as Hilton, Starwood, and United States presidential election candidate Donald Trump's hotel chain Trump Hotel Collection have also recently had their payments system data raided by malware.