Comparison Overview

Mauna Kea Resort

VS

Hyatt

Mauna Kea Resort

62-100 Mauna Kea Beach Dr. Kohala Coast, Hawaii 96743, US
Last Update: 2025-05-05 (UTC)
Between 800 and 900
http://www.maunakearesort.com

Strong

Mauna Kea Resort encompasses both Mauna Kea Beach Hotel and Hapuna Beach Prince Hotel. These iconic hotel's share 1,839 acres of oceanfront paradise along the sunny Kohala Coast of Hawaii's Big Island. Laurance S. Rockefeller, who founded The Mauna Kea Beach Hotel in 1965 knew the great beach at Kauna'oa bay also deserved spectacular golf and exceptional dining to accompany the most exclusive and expensive resort of its day. Four decades later, following a $150 million repair and renovation, The Mauna Kea once again stands as a landmark of luxury. The second phase in Rockefeller's creation of Mauna Kea Resort, the Hapuna Beach Prince Hotel was created in 1994. This hotel is perfectly nestled into the bluffs above the #1-rated Hapuna Beach. It presents a flowing, contemporary Hawaiian style where guests on vacation experience the true essence of rejuvenation. With a timeless tradition of aloha, Mauna Kea Resort welcomes generations of guests to come and be inspired by the past, embraced by the moment, enchanted by the warm days and exciting possibilities ahead. Show more Show less

NAICS: 7211
NAICS Definition: Traveler Accommodation
Employees: 501-1,000
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Hyatt

150 N Riverside Plaza, None, Chicago, IL, US, 60606
Last Update: 2025-07-24 (UTC)

Strong

Between 800 and 900
http://www.hyatt.com

Hyatt is guided by its purpose: to care for people so they can be their best. Hyatt’s portfolio includes 1,400+ hotels and all-inclusive properties in 79 countries across six continents. Luxury Portfolio – Park Hyatt®, Alila®, Miraval®, Impression by Secrets, and The Unbound Collection by Hyatt® Lifestyle Portfolio – Andaz®, Thompson Hotels®, The Standard®, Dream® Hotels, The StandardX, Breathless Resorts & Spas®, JdV by Hyatt®, Bunkhouse® Hotels, and Me and All Hotels Inclusive Collection – Zoëtry® Wellness & Spa Resorts, Hyatt Ziva®, Hyatt Zilara®, Secrets® Resorts & Spas, Dreams® Resorts & Spas, Hyatt Vivid Hotels & Resorts, Sunscape® Resorts & Spas, Alua Hotels & Resorts®, and Bahia Principe Hotels & Resorts Classics Portfolio – Grand Hyatt®, Hyatt Regency®, Destination by Hyatt®, Hyatt Centric®, Hyatt Vacation Club®, and Hyatt® Essentials Portfolio – Caption by Hyatt®, Hyatt Place®, Hyatt House®, Hyatt Studios, Hyatt Select, and UrCove Subsidiaries of the Company operate the World of Hyatt® loyalty program, ALG Vacations®, Mr & Mrs Smith, Unlimited Vacation Club®, Amstar® DMC destination management services, and Trisept Solutions®. Visit hyatt.com for more. This account provides information about Hyatt Hotels Corporation, its subsidiaries or affiliates and/or hotels operating under a Hyatt-affiliated brand. Terms like “Hyatt,” “we,” “our,” “us,” and similar terms are used for convenience and should not be understood as precise designations of any particular entity. The account name and certain terms like “employees” are used by this site but may not be accurate. Individuals may identify themselves as working or having worked at Hyatt or a Hyatt hotel, but please note that self-identification should not be treated as confirmation of employment, past or present, by Hyatt or any particular entity or hotel. In some cases, an individual may have been employed by an affiliate of Hyatt Hotels Corporation or by an owner or franchisee of a Hyatt-branded hotel.

NAICS: 7211
NAICS Definition: Traveler Accommodation
Employees: 87,880
Subsidiaries: 47
12-month incidents
0
Known data breaches
2
Attack type number
2

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/defaultcompany.jpeg
Mauna Kea Resort
ISO 27001
Not verified
SOC 2
Not verified
GDPR
No public badge
PCI DSS
No public badge
https://images.rankiteo.com/companyimages/hyatt.jpeg
Hyatt
ISO 27001
Not verified
SOC 2
Not verified
GDPR
No public badge
PCI DSS
No public badge
Compliance Summary
Mauna Kea Resort
100%
Compliance Rate
0/4 Standards Verified
Hyatt
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Hospitality Industry Average (This Year)

No incidents recorded for Mauna Kea Resort in 2025.

Incidents vs Hospitality Industry Average (This Year)

No incidents recorded for Hyatt in 2025.

Incident History — Mauna Kea Resort (X = Date, Y = Severity)

Mauna Kea Resort cyber incidents detection timeline including parent company and subsidiaries

Incident History — Hyatt (X = Date, Y = Severity)

Hyatt cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/defaultcompany.jpeg
Mauna Kea Resort
Incidents

No Incident

https://images.rankiteo.com/companyimages/hyatt.jpeg
Hyatt
Incidents

Date Detected: 3/2017
Type:Breach
Blog: Blog

Date Detected: 01/2016
Type:Ransomware
Attack Vector: Malware
Motivation: Financial Gain
Blog: Blog

Date Detected: 8/2015
Type:Breach
Attack Vector: Malware
Motivation: Financial Gain
Blog: Blog

FAQ

Both Mauna Kea Resort company and Hyatt company demonstrate a comparable AI risk posture, with strong governance and monitoring frameworks in place.

Hyatt company has historically faced a number of disclosed cyber incidents, whereas Mauna Kea Resort company has not reported any.

In the current year, Hyatt company and Mauna Kea Resort company have not reported any cyber incidents.

Hyatt company has confirmed experiencing a ransomware attack, while Mauna Kea Resort company has not reported such incidents publicly.

Hyatt company has disclosed at least one data breach, while Mauna Kea Resort company has not reported such incidents publicly.

Neither Hyatt company nor Mauna Kea Resort company has reported experiencing targeted cyberattacks publicly.

Neither Mauna Kea Resort company nor Hyatt company has reported experiencing or disclosing vulnerabilities publicly.

Hyatt company has more subsidiaries worldwide compared to Mauna Kea Resort company.

Hyatt company employs more people globally than Mauna Kea Resort company, reflecting its scale as a Hospitality.

Latest Global CVEs (Not Company-Specific)

Description

Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the `api/auth/api-key/create` route. `session?.user ?? (authRequired ? null : { id: ctx.body.userId })`. When no session exists but `userId` is present in the request body, `authRequired` becomes false and the user object is set to the attacker-controlled ID. Server-only field validation only executes when `authRequired` is true (lines 280-295), allowing attackers to set privileged fields. No additional authentication occurs before the database operation, so the malicious payload is accepted. The same pattern exists in the update endpoint. This is a critical authentication bypass enabling full an unauthenticated attacker can generate an API key for any user and immediately gain complete authenticated access. This allows the attacker to perform any action as the victim user using the api key, potentially compromise the user data and the application depending on the victim's privileges. Version 1.3.26 contains a patch for the issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 9.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary and could not be configured at runtime. In practice, this meant that every deployment using Reviewbot would validate requests with the same secret unless the operator modified source code and rebuilt the component - an expectation that is not documented and is easy to miss. All Allstar releases prior to v4.5 that include the Reviewbot code path are affected. Deployments on v4.5 and later are not affected. Those who have not enabled or exposed the Reviewbot endpoint are not exposed to this issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 4.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name or (3) Last Name text field.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 6.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References