[Owasp-board] Hyatt Data Breach
Jim Manico
jim.manico at owasp.org
Tue Jan 19 14:53:08 UTC 2016
+1 do it
On 1/18/16 12:54 AM, Andrew van der Stock wrote:
> So the hotel we used was one of those breached. Anyone who stayed
> additional days, used the hotel's parking, gym, and other amenities
> might be at risk.
>
> Do we make a statement to owasp-community? I think we owe them that at
> least, something along the lines of:
>
> "OWASP uses a conference registration payments system that is separate
> to Hyatt.
>
> However, our hotel for AppSec USA 2015 was one of those Hyatt has
> indicated was breached:
>
> * Payments made to OWASP through our conference registration system
> are not part of the Hyatt breach
> * If you used your card directly at Hyatt for items such as gym
> access, car parking and so on, you might have been breached
> * Check your credit card statements for any suspicious activity
> * If you do spot suspicious activity, please contact your bank and
> Hyatt directly
>
>
> For more information about the breach, please see
> http://www.hyatt.com/protectingourcustomers/
>
> Thoughts?
>
> On Tue, Jan 5, 2016 at 3:35 AM, Paul Ritchie <paul.ritchie at owasp.org> wrote:
>
> Hi Josh, All.
>
> On the OWASP Foundation side our Conference registration system
> for payments for attendees to training and seminars is not via Hyatt.
> We generally use the 3rd party apps through our Sales Force DB, or
> via OWASP's RegOnline acct.
> Occasionally we "may" pay some hotel catering or A/V bills via the
> OWASP Credit card.....but we also do a reconciliation of the OWASP
> Credit card statement, ** every single month **.
>
> I can see some potential risk to our attendees, if they used their
> personal credit cards to pay for hotel sleeping rooms, etc. at a
> Hyatt. So, if they did find a fraudulent charge on their personal
> card, they'd need to take that up with Hyatt directly.
> Paul
>
> Best Regards, Paul Ritchie
> OWASP Executive Director
> paul.ritchie at owasp.org
>
>
> On Mon, Jan 4, 2016 at 7:11 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
> I know that we've used Hyatt for a few conferences. I wonder
> how this may affect us or our attendees?
>
> --Hyatt Hotels Says Malware Found on Payment Systems
> (December 23 & 24, 2015)
> Add Hyatt to the list of hotels that has found malware on its payment
> systems. Hyatt disclosed the breach on December 23, 2015, but did not
> say how many of its properties were affected. The malware is designed to
> steal payment card information. Hyatt has called in an outside company
> to investigate.
> http://krebsonsecurity.com/2015/12/malware-driven-card-breach-at-hyatt-hotels/
> http://www.nbcnews.com/tech/security/hyatt-hotels-notifies-customers-malware-found-payment-systems-n485351
> http://www.bbc.com/news/technology-35175263
> http://thehill.com/policy/cybersecurity/264182-hyatt-hotels-hit-by-hackers
> http://www.hyatt.com/protectingourcustomers/
>
> ~josh
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-board