"The chain's asking customers to keep an eye on their credit card bills, on the off-chance that the folks responsible for the malware injection have gone on a room-booking spree.
And that's about all the chain is saying,"
Yeah... but no.
Since the malware was apparently "on computers that operate the payment processing systems" and they don't specifically say that card numbers have been compromised, you might infer that the worst the crims can do is book rooms.
On the other hand, from "we encourage customers to review their payment card account statements closely and to report any unauthorized charges to their card issuer immediately" I'd infer card numbers probably have been stolen and can be used for more than just booking rooms with the Hyatt chain.