Another day, another big credit card data breach at a hotel. The latest victim: Hyatt, which has acknowledged a breach that involved some 250 hotels in 50 countries. If you paid for anything at a Hyatt between August 13, 2015 and December 8, 2015, doublecheck your credit card statements. That’s especially true if you ate in a restaurant, where Hyatt indicated most impacted accounts were used. But it added this worrisome qualifier: “A small percentage of the at-risk cards were used at spas, golf shops, parking and a limited number of front desks, or provided to a sales office during this time period.”
That means if you used plastic to pay for anything at Hyatt, be worried.
Hyatt joins a lengthening line of hotel operators that have suffered big breaches. Victims are known to include Wyndham, Mandarin Oriental, Hard Rock, Trump, management company White Lodging (many Marriotts were involved), Destination, and Hilton.
Hotel guests have to question the wisdom of using plastic at any hotel - but of course not using plastic is not necessarily easy. Most require a credit card on check in. Can a guest do anything to protect himself?
First, it's important to understand why are so many hotels falling victim to criminal hacks.
Attorney and identity theft expert Steven Weisman, who teaches at Bentley University in Waltham, Mass., offered this insight: “Hotel chains have become the low hanging fruit for many large scale hackings which will continue to occur as the hotel computers are easy to access through standard phishing and spear phishing techniques to plant the malware necessary to steal credit and debit card information.”
What that means is that self protection is our responsibility. Hotel guests cannot rely on hoteliers to protect their credit card info - so what can you do to protect yourself?
“Use cash,” said Paul Robinson, a cybersecurity solutions advisor with GreyCastle Security in Troy, N.Y. “Hackers haven’t figured out a way to hack cash yet.” Robinson acknowledged that at most hotels, a credit card is part of check in, so his advice is meant for purchases in restaurants, gift shops and the salon.
Christopher Budd, a security expert with Trend Micro, agreed. “Don’t use credit cards at gift shops," he said. "That’s easily the best thing you can do.” Probably put the hotel bar on the "no credit card list," too. If you can’t expense the transaction, just pay with cash at a hotel, it’s more secure.
Candidly, that advice is good. But most of us want to continue to use credit cards. How can we do that and stay safe?
“Set up and enable text messaging of all transactions,” advised self described hardcore business traveler Joe Palko, who works for a web design company. That is especially good advice if you have recently stayed at a hotel in a group that has recently been victimized - such as Hyatt or Trump. Eyeballing the purchases in close to real time will let you cut off any fraud before it is likely to cause real damage to your credit.