The company said the Hyatt Regency Birmingham, Andaz London Liverpool Street and the Hyatt Regency London were all hacked between 13 August and 8 December last year.
Around 250 of the group's 627 properties were affected worldwide from 20 July 2015.
In a statement Hyatt global president of operations Chuck Floyd admitted that ‘unauthorised’ malware had been used to collect data including cardholder names, card numbers, expiration dates and internal verification codes.
Although Floyd said that Hyatt had ‘worked quickly’ with cyber security experts to resolve the issue, the malware appeared to have gone undetected for four months.
The company said that the threat had been removed and customers could now ‘confidently use payment cards at Hyatt hotels worldwide’.
“We want to assure customers that we took steps to strengthen the security of our systems in order to help prevent this from happening in the future," said Floyd.
A number of hotel chains including Hilton and Starwood admitted to similar card data breaches last year.
In October the Trump hotel collection warned guests it may have been hit by malware between November 2014 and October 2015, though it is not clear if the hotels were targeted in a similar attack.
Floyd said that Hyatt took the security of customer data ‘very seriously’ and regretted ‘the inconvenience and any concern' the hack may have caused.