The Hyatt chain of hotels just yesterday found malware running on their systems that operate the payment processing for their hotels.
In their statement they said that they've launched a full-scale investigation and are cooperating with some of the leading cyber-security experts in order to get the issues resolved. In the meantime, if you happen to have stayed at a Hyatt owned hotel within the past six months, be sure to keep an eye out on your bank accounts just in case something suspicious happens to show up.
How does one get malware onto a payment processing system? It's not terribly hard but there are best practices in place to make sure that it's difficult to do. Segmenting the network used and keeping it separate from other networks used for browsing the web, making sure that a proper IDS is in place to detect weird activity and limiting any IP addresses that actually access those systems processing card data to those on a whitelist. But those don't make it impossible, just harder and more likely to scare away all but the most seasoned and prepared of individuals. You can read all about the Payment Card Industry standards here.
So check your credit history and bank accounts for unusual activity, and it seems that no-one is safe, hotels or Hello Kitty websites.