[Owasp-board] Hyatt Data Breach
josh.sokol at owasp.org
Mon Jan 18 13:41:36 UTC 2016
I saw DerbyCon issue a similar statement as they were affected by it as
well. I think that it would be a good "heads up" considering the community
that we serve.
On Sun, Jan 17, 2016 at 11:54 PM, Andrew van der Stock <vanderaj at owasp.org>
> So the hotel we used was one of those breached. Anyone who stayed
> additional days, used the hotel's parking, gym, and other amenities might
> be at risk.
> Do we make a statement to owasp-community? I think we owe them that at
> least, something along the lines of:
> "OWASP uses a conference registration payments system that is separate to
> However, our hotel for AppSec USA 2015 was one of those Hyatt has
> indicated was breached:
> - Payments made to OWASP through our conference registration system
> are not part of the Hyatt breach
> - If you used your card directly at Hyatt for items such as gym
> access, car parking and so on, you might have been breached
> - Check your credit card statements for any suspicious activity
> - If you do spot suspicious activity, please contact your bank and
> Hyatt directly
> For more information about the breach, please see
> On Tue, Jan 5, 2016 at 3:35 AM, Paul Ritchie <paul.ritchie at owasp.org>
>> Hi Josh, All.
>> On the OWASP Foundation side our Conference registration system for
>> payments for attendees to training and seminars is not via Hyatt.
>> We generally use the 3rd party apps through our Salesforce DB, or via
>> OWASP's RegOnline acct.
>> Occasionally we "may" pay some hotel catering or A/V bills via the OWASP
>> Credit card... but we also do a reconciliation of the OWASP Credit card
>> statement, ** every single month **.
>> I can see some potential risk to our attendees, if they used their
>> personal credit cards to pay for hotel sleeping rooms, etc. at a Hyatt.
>> So, if they did find a fraudulent charge on their personal card, they'd
>> need to take that up with Hyatt directly.
>> Best Regards, Paul Ritchie
>> OWASP Executive Director
>> paul.ritchie at owasp.org
>> On Mon, Jan 4, 2016 at 7:11 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>> I know that we've used Hyatt for a few conferences. I wonder how this
>>> may affect us or our attendees?
>>> --Hyatt Hotels Says Malware Found on Payment Systems
>>> (December 23 & 24, 2015)
>>> Add Hyatt to the list of hotels that have found malware on their payment
>>> systems. Hyatt disclosed the breach on December 23, 2015, but did not
>>> say how many of its properties were affected. The malware is designed to
>>> steal payment card information. Hyatt has called in an outside company
>>> to investigate.