On Tuesday, Hyatt alerted some 200 customers that their Gold Passport account had been flagged for suspicious activity, while the other 18 million members have had their account passwords reset out of an abundance of caution.

“As part of Hyatt Gold Passport’s routine monitoring of member account activity, we found a small number of accounts were accessed by an unauthorized individual utilizing member usernames and passwords,” the hotel chain explained in a letter to program members.

“We have no reason to believe, at this time, the login information was obtained through Hyatt Gold Passport, and we continue to analyze and monitor our systems. We have reached out to members we know have been affected to resolve any concerns.”

The letter goes on to say that in order to “enhance account security” passwords connected to a given username have been reset. This means that when any of the more than 18 million members access their account with a username rather than their account number, they’ll be prompted to reset their password.

“We strongly recommend that you reset your username and password to a unique combination not used elsewhere. You will not be able to access your account online until you change your password.”

Those with questions are encouraged to call 800.228.3360, or their local Hyatt.

Update:

In a statement, Trey Ford, Global Security Strategist for Rapid7, pointed out that Hyatt did the right thing when it comes to this type of disclosure. Compared to the other disclosures from organizations that have experienced a security incident this year, Hyatt's is simple and honest.

"Transparency is one of the most effective ways to build trust with customers. Hyatt’s client notification on the unauthorized access of Hyatt Gold Passport accounts wasn’t just good for establishing trust – they are educating and building loyalty. The company explained what happened, how they found the issue, and what steps customers should take to protect themselves.

"Hyatt took action without being alarmist or cryptic, and were instead straightforward and meaningful. The more we see companies communicate like this around security issues, the more we move the industry forward."