After alerting customers to a malware issue with its payment systems last year, hotel chain Hyatt has now revealed that more than half of its 627 properties left customers exposed to having credit card details stolen.

Hotels in the US, Canada and the UK are among the 318 owned by the group whose systems were infected with malware, opening up “unauthorized access” to the names, numbers and expiry dates of its customers’ credit cards.

This included seven of the chain’s sites in NYC, three in DC and two in London, with the full list available here.

The company says it was mainly restaurant transactions that were affected between July 30 and December 8 last year, but also included a number of spa, parking lot and front-desk payments too.

It is in the process of contacting cardholders whose names were exposed and has urged its customers to “remain vigilant and to review your payment card account statements closely.”

Hyatt has also arranged for anyone exposed to the hack to get a year of free ID protection from CSID.

The company alerted police and card payment processors during its month-long investigation.

➤ Message from global president of operations [Hyatt via BBC]

Read next: Giveaway: Win the Coolest Cooler, the next evolution of the cooler