Hyatt today announced that its payment systems have been breached, exposing credit card data from 41 hotels in 11 countries. The hack was discovered in July and the investigation has just been completed.

The three American hotels affected were all in Hawaii, with the remaining 38 scattered around the world (China had the most problems).

In a statement, Hyatt said it “has taken steps to strengthen the security of its systems and that customers can use payment cards with confidence at Hyatt hotels around the world.”

Wait, no. That’s what emerges from the statement he released when it was hacked in late 2015.

The new statement reads: “We have resolved the issue and implemented additional security measures to make our systems more secure. Customers can confidently use payment cards at Hyatt hotels around the world.

If these improvements look like the ones they made two years ago, your confidence is clearly misplaced. The hackers were able to collect credit card numbers, expiration dates, cardholder names and the “internal verification code”, presumably the three-digit one on the back. Only “a small percentage” of cards swiped at the front desk were stolen, but Hyatt offered no specific number.

Affected customers will have been informed directly if contact details were available, but this is not a guarantee. And the company itself admits that “the information and data available does not allow Hyatt to identify every specific payment card that may have been affected.” So even they don’t know exactly how big the breach is, apparently.

If you swiped a card at a Hyatt property between March 18 and July 2 of this year, you should probably keep an eye out for unauthorized transactions. The 41 hotels listed here are supposed to be the only ones affected, but you can never be too careful.