1,200 hotel chains worldwide affected by malware data breach

InterContinental Hotels Group (IHG) originally believed that 12 of their properties were compromised from the data breach, but it now transpires that approximately 1,200 IHG hotels are affected.

On the 19^th April 2017, IHG released new information in regards to the data breach. The information shows that the cyber-attack’s consequences were far worse than originally thought.

The data breach led to the theft of hotel guests credit card information.

Which hotels are affected?

In February 2016, the IHG admitted to the data breach where cyber-attacker(s) compromised payment systems at IHG chains in multiple locations worldwide. IHG is a parent company of hotel chains including Crowne Plaza, Holiday Inn in the U.K., Candlewood Suites, and Kimpton Hotels and Resorts are other hotel chains that are also in the mix.

When the breach was first discovered

According to the conglomerate, the data breach was discovered on the 28^th December 2016. The data breach was thought to be discovered as several clients reported unauthorised and fraudulent charges on their credit cards previously used at some of the U.S. hotel chains owned by IHG.

IHG’s response

After the breach, IHG released a written response to what had happened. In order to have a thorough investigation, the IHG hired a cybersecurity firm on behalf of the hotel chains to examine the payment card processing systems in the U.S. region. Following the investigation, it gave indications that malware designed to access payment card data from cards was used.

They note that, although there was no evidence that card details were accessed after the 29^th December 2016, IHG received confirmation that the malware hadn’t been wiped until their investigations in February and March 2017.

IHG hotels implemented what they call a ‘Secure Payment Solution’ (SPS), which is reportedly fully encrypted. The hotels that used the SPS before 29^th September 2016 weren’t affected. Since 29^th September, many other hotels implemented the SPS system, and this ended the ability of the malware to find payment card data. Those cards used at the locations after the SPS was implemented were also not affected.

The malware allowed data to be searched – i.e. the cardholder’s name, card number, expiration date, and internal verification code – which was gathered through the magnetic stripe of the payment cards as they were being used on the hotel server.

A list of the affected hotels can be found here: https://www.ihg.com/content/us/en/customer-care/protecting-our-guests/property-listing.

The IHG reminds affected guests to “remain vigilant” with the possibility of fraud on the horizon. They advise that all guests should review their payment card statements in the event of fraudulent activity.

IHG are reassuring their guests that they’re “working closely with the payment card networks as well as the cybersecurity firm to confirm that the malware has been eradicated.” They’ve also noted that they’re looking at new ways for the hotels to enhance their cybersecurity, but have yet to detail what these new ways are.

A little too late?

IHG advised all of its guests to remain vigilant. However, I believe it’s a little too late for some. They should’ve given that some thought when they failed to protect their systems which allowed the cyber-attack to take place.

Sources:

https://www.ihg.com/content/us/en/customer-care/protecting-our-guests

http://www.zdnet.com/article/intercontinental-hotels-group-admits-data-breach/

http://www.zdnet.com/article/intercontinental-data-breach-expands-to-thousands-of-hotels/

https://www.rt.com/usa/385474-nearly-1200-intercontinental-hotels-hit/

https://www.engadget.com/2017/04/20/intercontinental-data-breach/

https://krebsonsecurity.com/2017/04/intercontinental-hotel-chain-breach-expands/

Are large teaching hospitals more likely to have data breaches?

Exam Board, AQA, reportedly compromised 64,000 examiners’ personal details