Newsroom

NAFCU President and CEO Dan Berger said Hyatt Hotels Corp.'s admission of the breadth and scope of its massive credit-card data breach – affecting 250 hotels in 50 countries – underscores the need for Congress to pass national data security data standards for merchants and retailers.

"This is yet another example of the far-reaching damage that can occur when retailers are not held to a higher standard of data security," said Berger. "The ramifications of these breaches continue to be monumental for credit unions. Congress must act to create a national and comprehensive data security standard for retailers and merchants to follow."

Berger testified last April before the House Small Business Committee on the need for a national data security standard for retailers. He emphasized that credit unions suffer steep losses in re-establishing member safety after each breach, and he added that NAFCU members surveyed reported being alerted to potential breaches 164 times in 2014.

Last week's announcement by Hyatt follows an earlier one that the chain had discovered malicious software intended to steal credit card data Dec. 23. Hyatt provided no other details until last week, when it reported the number of establishments affected and the timeline of the breach, which ran between Aug. 13 and Dec. 8, 2015.

This breach follows similar hotel breaches at Hilton, Starwood, Mandarin Oriental, White Lodging and the Trump Collection, according to KrebsOnSecurity. The Wall Street Journal noted that Hyatt's breach could be one of "the most wide-ranging incidents" in that series. Most of the vulnerabilities were found at hotel restaurants; others were found at hotel spas, golf shops, front desks and parking facilities.

NAFCU continues to push for the adoption of the "Data Security Act," which would hold retailers to the same standards financial institutions follow under the Gramm-Leach-Bliley Act. Winning passage of national data security standards for merchants is among the association's 2016 top priorities.