Hyatt Hotels Corp. disclosed that signs of unauthorized access to payment card data were discovered and eventually resolved at certain of the company's managed sites worldwide between March 18 and July 2.
In a notice to customers, Hyatt Global President of Operations Chuck Floyd said unauthorized access to card data was caused by a malicious software code inserted by a third party onto certain information technology systems, with the data coming from cards manually entered or swiped at the front desk of the affected hotels.
The affected sites are spread across Hawaii, Mexico, Guam, Puerto Rico, China, Brazil, Colombia, India, Indonesia, Japan, Malaysia, Saudi Arabia and South Korea.
Hyatt estimates that the incident affected a small percentage of payment cards, but it is unable to determine each payment card that may have been affected based on available data.