The hotel operator listed affected locations worldwide and the period when they were at risk, on its website.
"We do not know the number of customers affected at this time," company spokeswoman Stephanie Sheppard said in an email.
Hyatt said on Thursday it identified unauthorized access to data on cards used at certain Hyatt-managed locations, primarily its restaurants.
The company also said the "at-risk window" for a limited number of locations began on or shortly after July 30.
The malware was designed to collect data such as cardholder name, card number, expiration date and internal verification code, the company said.
Hyatt said it has notified the appropriate country and state regulators and is working with the US Federal Bureau of Investigation.
Shares of Hyatt closed down 3 percent at $38.67. Up to Wednesday's close, they had lost about a fifth of their value since the data breach was announced.
Hyatt said it has arranged an identity protection and fraud detection firm to provide one year of free services to affected customers.
The company disclosed in December that its payment processing system was infected with malware but did not mention how long its network was infected.
Hyatt, controlled by the billionaire Pritzker family, is the fourth major hotel operator to warn of a breach since October.
Hilton Worldwide Holdings Inc and Starwood Hotels & Resorts Worldwide Inc disclosed attacks on payment processing systems in November.
Donald Trump's luxury hotel chain, Trump Hotel Collection, also confirmed the possibility of a data security incident.
© Thomson Reuters 2016
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.