[Owasp-board] Hyatt Data Breach

Paul Ritchie paul.ritchie at owasp.org
Mon Jan 4 16:35:06 UTC 2016

Hi Josh, All.

On the OWASP Foundation side our Conference registration system for
payments for attendees to training and seminars is not via Hyatt.
We generally use the 3rd party apps through our Sales Force DB, or via
OWASP's RegOnline acct.
Occasionally we "may" pay some hotel catering or A/V bills via the OWASP
Credit card.....but we also do a reconciliation of the OWASP Credit card
statement, ** every single month **.

I can see some potential risk to our attendees, if they used their personal
credit cards to pay for hotel sleeping rooms, etc. at a Hyatt.  So, if they
did find a fraudulent charge on their personal card, they'd need to take
that up with Hyatt directly.

Best Regards, Paul Ritchie
OWASP Executive Director
paul.ritchie at owasp.org

On Mon, Jan 4, 2016 at 7:11 AM, Josh Sokol <josh.sokol at owasp.org> wrote:

> I know that we've used Hyatt for a few conferences.  I wonder how this may
> affect us or our attendees?
> --Hyatt Hotels Says Malware Found on Payment Systems
> (December 23 & 24, 2015)
> Add Hyatt to the list of hotels that has found malware on its payment
> systems. Hyatt disclosed the breach on December 23, 2015, but did not
> say how many of its properties were affected. The malware is designed to
> steal payment card information. Hyatt has called in an outside company
> to investigate.
> http://krebsonsecurity.com/2015/12/malware-driven-card-breach-at-hyatt-hotels/
> http://www.nbcnews.com/tech/security/hyatt-hotels-notifies-customers-malware-found-payment-systems-n485351
> http://www.bbc.com/news/technology-35175263
> http://thehill.com/policy/cybersecurity/264182-hyatt-hotels-hit-by-hackers
> http://www.hyatt.com/protectingourcustomers/
> ~josh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20160104/a3465f10/attachment.html>

More information about the Owasp-board mailing list