By Christine Kern, contributing writer
In news this week, breaches at Hyatt Hotels and Pizza Hut have affected large numbers of customers, highlighting the importance of speedy notification; and Delta has unveiled a new automatic check-in feature on its mobile app.
Second Breach At Hyatt Hotels Causes Concerns
Hyatt Hotels Corp. has announced that it has suffered a second breach of payment card information in two years. The event affected certain Hyatt-managed locations worldwide between March 18, 2017 and July 2, 2017, according to Reuters. Hyatt has stated that compromised information included cardholder names, card numbers, expiration dates, and internal verification codes from cards either swiped or entered manually at the front desks of affected locations. A list of affected hotels is available here.
The company stated, “Upon discovery, we launched a comprehensive investigation to understand what happened and how this occurred, which included engaging leading third-party experts, payment card networks and authorities. Hyatt’s layers of defense and other cybersecurity measures helped to identify and resolve the issue….While we estimate that the incident affected a small percentage of payment cards used by guests who visited the group of affected Hyatt hotels during the at-risk time period, the available information and data does not allow Hyatt to identify each specific payment card that may have been affected.”
The previous breach occurred in late 2016, when Hyatt stated that hackers had gained access to credit card systems at 250 properties across 50 different countries over a four month period.
In an email, Robert Cattanach, partner at the international law firm Dorsey & Whitney, stated:. "Breach fatigue may be the new normal, but the second successful attack on Hyatt in as many years is sure to raise the eyebrows of regulators, not to mention plaintiffs’ lawyers. Both hacks involved the loss of customer credit card information, with the first attack affecting even more properties. While the company claims that it has implemented additional security measures to strengthen the security of its systems, no explanation was given as to why these additional measures were not implemented after the first attack. Estimates of actual harm have yet to be provided, which is typically the weak spot of any attempted class action, but the liability exposure seems problematic regardless," Cattanach says.
Delta Introduces Automatic Check-In Option Via Mobile App
Delta Airlines has introduced a new automatic check-in option for flights via its mobile app, according to CNBC. Responding to customer requests, the airline has rolled out the new feature which allows fliers to skip the long check-in lines at the airport. The new functionality, available on the latest version of the app, automatically checks in eligible customers 24 hours prior to their scheduled departure. Customers receive an alert via email or push notification, and once travelers click on the app and acknowledge the list of TSA-banned items, a boarding pass is automatically generated. It was unclear how travelers would check a bag under the new auto check-in, however.
The app update notes, "We'll automatically check you in when you open the Fly Delta app," the update notes. "The update to the Fly Delta app is in phased roll out in the app store and includes an automated check-in experience designed to help take friction out of the travel process, in response to customer feedback," a Delta spokeswoman told CNN Tech.
“Our customers have told us Delta can eliminate some of their stress associated with upcoming travel if they know their boarding pass is ready and can see their seat assignment,” said Rhonda Crawford, vice president – global distribution, digital strategy. “Auto check-in provides that peace of mind in a simple, automated solution that also saves valuable time.”
Henry Harteveldt, a travel industry analyst at Atmosphere Research Group told CNBC that checking in for a flight is “a waste of the traveler’s time,” and noted that Delta is the only U.S. carrier to offer an automatic check-in option at this time. Other airlines are also experimenting with time-saving processes, including facial-scanning technology to replace boarding passes on KLM and the use of biometric scans by JetBlue for travelers on flights from Boston to Aruba.
Pizza Hut Acknowledges Security Breach That Affected Some 60,000 Customers
Pizza hut alerted customers via email that the company suffered a possible breach between October 1 and October 2, 2017, and customers were upset that it took the company two weeks to notify them, according to Fortune. Approximately 60,000 customers are thought to have had their personal information compromised by “third party security intrusion” over a 28-hour period, the company stated.
Among the compromised information were names, billing ZIP codes, delivery addresses, email addresses, and account numbers, expirations dates, and CVV numbers on payment cards.
“We quickly resolved a third-party security intrusion on our website and mobile app that may have compromised the information of a limited number of customers for a short period of time,” the statement issued by Pizza Hut said. “Pizza Hut identified the security intrusion quickly and took immediate action to halt it and remediate the security issue.”
“We estimate that less than one percent of the visits to our website the week of the incident was affected. We take the privacy and security of our customers very seriously and invest in resources to protect the customer information in our care. We value the trust our customers place in us and while we were able to address this incident quickly, we regret that this happened and apologize for any inconvenience this may have caused.”
The ire of customers over the lack of timely notification highlights the need for better communication in the wake of such attacks. However, as Tripwire pointed out, one reason for the delay could be an effort to forestall other hackers from discovering the data breach. The company also could have been waiting to determine the scope and type of the incident before reporting.