In a letter to members, hotel chain urges caution, but stresses that this isn’t a major incident

On Tuesday, Hyatt alerted some 200 customers that their Gold Passport account had been flagged for suspicious activity, while the other 18 million members have had their account passwords reset out of an abundance of caution.

“As part of Hyatt Gold Passport’s routine monitoring of member account activity, we found a small number of accounts were accessed by an unauthorized individual utilizing member usernames and passwords,” the hotel chain explained in a letter to program members.

“We have no reason to believe, at this time, the login information was obtained through Hyatt Gold Passport, and we continue to analyze and monitor our systems. We have reached out to members we know have been affected to resolve any concerns.”

The letter goes on to say that in order to “enhance account security” passwords connected to a given username have been reset. This means that when any of the more than 18 million members access their account with a username rather than their account number, they’ll be prompted to reset their password.

“We strongly recommend that you reset your username and password to a unique combination not used elsewhere. You will not be able to access your account online until you change your password.”

Those with questions are encouraged to call 800.228.3360, or their local Hyatt.

Update: In a statement, Trey Ford, Global Security Strategist for Rapid7, pointed out that Hyatt did the right thing when it comes to this type of disclosure. Compared to the other disclosures from organizations that have experienced a security incident this year, Hyatt’s is simple and honest.

“Transparency is one of the most effective ways to build trust with customers. Hyatt’s client notification on the unauthorized access of Hyatt Gold Passport accounts wasn’t just good for establishing trust – they are educating and building loyalty.
The company explained what happened, how they found the issue, and what steps customers should take to protect themselves.

“Hyatt took action without being alarmist or cryptic, and were instead straightforward and meaningful. The more we see companies communicate like this around security issues, the more we move the industry forward.”