Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Crime Security The Almighty Buck IT

Hyatt Hotels Payment-Processing Systems Hit By Malware (csoonline.com) 32

itwbennett writes: Hyatt Hotels said Wednesday that it recently identified malware on the computers that run its payment-processing systems. And while Hyatt didn't provide more details on the breach, including how many customers might be affected, the alert to customers asking them to closely check their credit card statements suggests that hackers may have obtained critical credit card information. The breach is the latest in a series of attacks in the hospitality industry, which include Hilton Worldwide, Mandarin Oriental and Starwood Hotels & Resorts Worldwide.
This discussion has been archived. No new comments can be posted.

Hyatt Hotels Payment-Processing Systems Hit By Malware

Comments Filter:
  • By any chance was this Payment-Processing System running on Microsoft Windows?
    • by sinij ( 911942 )
      Why would it matter? They would be equally screwed in all-Linux shop.

      You don't stop targeted malware at OS level, you stop it at the network level when it attempts to dial home.
      • How did you come to this quick conclusion? Do you have some insight? If not, then you are trolling.
        • by sinij ( 911942 ) on Thursday December 24, 2015 @10:48AM (#51178141)
          'I run Linux, therefore I am secure', which is unstated premise of original post, is not justifiable position position in 2015. Especially when you are dealing with high-value target like payment processing.
          • by Anonymous Coward

            Sorry I have to call bullshit on that. Windows is a closed proprietary system, the absolute last type of system you want to use on a "high-value target like payment processing". You're correct that running Linux is not a panacea; I think few are stating that. But it's been proven that 0-days are patched much more quickly on open source packages than waiting for Patch Tuesday or whatever Microsoft calls it now.

            Most importantly, the closed source vendor may never release a patch to a dangerous flaw...a fla

            • But it's been proven that 0-days are patched much more quickly on open source packages than waiting for Patch Tuesday or whatever Microsoft calls it now. Most importantly, the closed source vendor may never release a patch to a dangerous flaw...a flaw that you may never have been made aware of!

              Thank God that open-source means that all code will be reviewed and will never have vulnerabilities. https://en.wikipedia.org/wiki/OpenSSL#Notable_vulnerabilities [wikipedia.org]

              But hey, let's see proof of the OSS movement patching 0-days quicker, please.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      And how does that matter? This isn't 1998 anymore. All operating systems have vulnerabilities. All IT teams need to make decisions balancing security, manageability, reliability, cost, etc. All large IT teams have staffs with varying amount of intelligence and dedication. The choice is operating system has so little to do with it anymore. Grow up.

  • This feels as if it was a directed attack. This could mean that the cards read were the cards used, not so much cards that where stored by them.

    Obviously still an issue if that is the case, but if it happened that way, not blatently so. It also could be that it is just the web reservation. That would be worse than the terminals, because website will include cvv code and thus can be used much easier.

  • by Anonymous Coward

    In my lifetime I have had my data leaked by (at least) a University I applied to, Home Depot, Target, T-Mobile, and my rental apartments that required a background check. I stayed at the Hyatt for Thanksgiving and recently booked there for a Wedding coming up. Just yesterday I got an email from Chase that my password/email/and phone number on the account was changed. How did they get through my secret pass phrase.... the operator gave them a new one because they knew my SSN (which the fraud dept said wou

  • At the time, it was a C program running on HP/UX. I'm guessing that they replaced it with a Windows-based system since then.

  • by vikingpower ( 768921 ) on Thursday December 24, 2015 @12:01PM (#51178485) Homepage Journal

    don't use credit cards. I don't. I pay cash. Car rentals, hotels, flights. Besides the fact that I don't incur debt - as "paying" with a credit card is actually paying with borrowed money - no data can be leaked. Sure, I am European and live in Europe. When I slap down € 2000 on the desk of a car rental company, I can drive away with a VW Golf. In the US it's virtually impossible to live without a credit card. Which demonstrates the sickness of the whole system, IMHO.

    • Stolen cash is reimbursed by your bank at a rate of $0 reimbursed for every $1 lost. Credit cards are reimbursed at $1 to $1. I'm not advocating running up a lot of debt and paying interest, but man, would my business travel be almost impossible without the cards I use (and pay off 100% every month once I get my expense check deposited).

      I'd also miss out on all the great deals, like the 60,000 miles I got for AA, plus priority boarding and free checked bags for using their Citi sponsored card. Try booki
    • That is really poor use of your capital, amped a terrible sense of financial planning. If your weakness is you can't manage your spending without using cash, you should figure out how to deal with that. A credit card can offer rebate points, can have no up-front costs, offers fraud protection, etc. which make it a zero-cost or negative-cost tool.

      Short term debt is financial leverage. If the goods you purchase have the same cost, there is no benefit to using cash.

      Carrying a balance and paying interest tho

      • Disagree. Expenses such as airline tickets and car rentals are to me, being an independent engineer, things I should be able to finance immediately out of my own pocket. Being able to do so is the result of sane financials. Running up debt for such things, even if it is short-term debt, is an unnecessary complication and inevitably has a cost. Short-term debt is only financial leverage iff it helps to secure a major deal that otherwise I could not have secured. Which has not happened until now. I learned al

        • Ah, and here are lessons #2 and #3. Lesson #2: save 10% of what you earn, if you can (if you can't, save whatever you can ). Lesson #3: only cash and gold are money. A balance on a bank account is not real money. Stock isn't, either. Nor are governments bonds or loans to other people. All these things representmonetary value, and may one day be converted to money. They may also evaporate.

          • While my parents taught me the same things in terms of financial planning, it is still a poor strategy to use only cash. Income, spending, (savings), and financing are different issues. If you defer a cash outflow of $1,000 for 30 days that is $2-10 of interest you could have made. If you get "points" for credit card spending, that is another $10-20. If you think in terms of insuring the cash against theft or loss, that is another $10-20. How much value this has to a person is a function of how much th

            • Yes. Very often, when offering to pay cash, I can get € 50 off on, say, a €1000 transaction. People don't get to see cash a lot anymore these days, but they sure **love** it. Which is another reason to use cash I have grown so accustomed to I didn't even include it in my list of more formal reasons.

  • Until customers aren't the only ones left on the hook in the case of breaches like this, companies like Hyatt aren't going to take security seriously. Sure, they might pony up for credit monitoring, but that does little to actually make customers whole if their identities are stolen or their bank accounts are emptied. If we were to start fining companies like this, say, $10,000 per card number / identity / sensitive detail stolen, I have a feeling these breaches would become far less common. Until we do thi

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!