On the evening of Dec. 23, just as Americans collectively unplugged and began traveling for the holidays, Hyatt Hotels and Livestream both began notifying their customers that their private records may have been compromised.
So far, neither company has said how many customers may have been affected. Hyatt says it “recently identified malware on computers that operate the payment-processing systems for Hyatt-managed locations,” but has yet to confirm whether there was a definite breach. Livestream told its users via email that information may have been compromised, including their “name, email address, an encrypted version of your password, and if you provided it to us, date of birth and/or phone number.” According to the email, the video-streaming platform does not store credit-card information.
A Hyatt spokesperson told Quartz the company discovered malware on its payment-processing systems on Nov. 30, and is still investigating. It’s not unusual for a company to wait a month or so before announcing a data breach. It’s also become the norm for companies to put out a series of updates as they learn more. The number of people affected in the breach tends to go up with each one.
Typically, though, the first announcement does include some estimate of the number of people affected. When asked how many customer records are in its potentially compromised system, a Hyatt spokesperson told Quartz that information is not available. In a a press release from April, Livestream said it had ”300,000 producers streaming live events to over 40 million viewers a month.”