InterContinental Hotel Group reveals thousands of guests had their credit card details stolen

Owners of Holiday Inn and Crowne Plaza suffer huge cyber attack

The giant hoteliers InterContinental Hotel Group (IHG) have issued their worrisome findings after conducting an internal investigation into their hotels.

The huge company – owners of popular hotel chains Holiday Inn and Crowne Plaza – began their investigation when malicious software was detected on their front desk systems late last year. Whilst the breach into their systems were detected as early as 29 September 2016, traces of the malware is suspected to have remained until March of this year.

What information was stolen?

Having breached the company’s customer database, the malware managed to access and obtain the following information:

• Cardholder names;
• Credit card numbers;
• Expiration dates;
• Security codes.

Armed with these details, the data thieves could easily be able to access or even directly steal money from cardholders without ever needing to physically look at the card!

Playing it down

The breach was first identified in December when experts identified a number of breaches at hotels. The experts noticed patterns and recognised that malware may have been used to target hotels. A month later, IHG told the reporters of the breach that only a dozen of their hotels were affected.

If only…

In fact, the total number of hotels affected is almost 100 times the number IHG first stated. Some 1,175 hotels were identified to have been affected by the malware. Now imagine how many guests each hotel must have accommodated? This breach potentially involves millions of customers. Although IHG has around 5,000 hotels across 100 countries, Computer World reported that all of the hotels affected were either in the U.S., Canada, or Puerto Rico.

You may recognise famous brands IHG owns, including:

• Holiday Inn;
• Holiday Inn Resort;
• Holiday in Express;
• Crowne Plaza;;
• Hotel Indigo;
• InterContinental;
• Kimpton;
• Staybridge Suites;
• Candlewood Suites.

Whilst the U.K. is reportedly not affected, if you have stayed in an IHG hotel whilst abroad in the U.S., Canada, or Puerto Rico, it’s definitely worth checking your bank account for any suspicious activity.

IHG issued the following statement:

“The Investigation identified signs of the operation of malware designed to access payment card data from cards used onsite at front desks for certain IHG-branded franchise hotel locations between September 29, 2016 and December 29, 2016. Although there is no evidence of unauthorized access to payment card data after December 29. 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017.“

IHG offers little else about how the payment systems were attacked in the first place. It’s not yet known if IHG was subject to a hacking or if perhaps a receptionist clicked on some malicious software. For most guests, which is a lot, the key question is probably “which specific hotels are affected“? IHG has created a webpage whereby the searcher clicks on the country, state, and city to see which hotels were affected. For frequent travellers who have visited more than one of IHG’s hotels, the site offers no alternative for a quicker mass search.

You may have been affected

Due to the nature of hotel usage, whilst the location of the affected hotels remain in the U.S., Canada and Puerto Rico, thousands of guests could easily be from abroad and may not even be aware of the breach. There is no indication from the IHG that they have notified the affected customers, so we advise if you suspect you have visited one of the affected hotels, check your bank account now and contact your bank.

Since the majority of the IHG hotels are franchise brands and not directly owned by IHG, some hotels aren’t taking part in the investigations. Some others are apparently still in the midst of conducting theirs. As data controllers of such sensitive information, the hotels should take steps to ensure their security measures are intact. For the unfortunate ones who have had their defences breached, action needs to be taken.

Dating website Guardian Soulmates data breach

Data breach affects over 26,000 Debenhams customers