More Than 1,000 Hotels Compromised in Latest InterContinental Hotels Group Breach

Did you stay at a Holiday Inn, Holiday Inn Express or another InterContinental Hotels Group (IHG) property in the latter half of 2016?

The credit card you used might have been compromised.  

The international hotel group recently acknowledged the payment card system at more than 1,000 properties was infected with malware.

This is the second recent breach for IHG, which back in February acknowledged a credit card breach at around a dozen properties, including Holiday Inn and Holiday Inn Express. That earlier breach wasn’t thought to have affected the properties’ front desks, just their restaurants/bars. We covered that breach here.

IHG has yet to disclose an exact number of affected properties, but it has created a lookup tool on its site so you can search for affected hotels in select states and cities. Because the investigation is ongoing, the tool might be updated, so you “may want to check this site periodically,” they recommend.

Along with the aforementioned Holiday Inn and Holiday Inn Express, the breach affected some Staybridge Suites, Crowne Plazas, Candlewood Suites and others.

According to this KrebsOnSecurity story about the breach, a Danish researcher examined the lookup tool and found there are at least 1,175 locations affected so far.

According to the Krebs story, “IHG has been offering its franchised properties a free examination by an outside computer forensic team hired to look for signs of the same malware infestation known to have hit front desk systems at other properties. But not all property owners have been anxious to take the company up on that offer. As a consequence, there may be more breached hotel locations yet to be added to the state lookup tool.”

This second breach occurred at select hotels from late September to late December. The malware siphoned data, including cardholder name, card number, expiration date and internal verification code.

The first breach, which also stemmed from malware on servers used to process credit cards, took place from August through December 2016 and affected hotel bars/restaurants, including some well-known establishments, like Michael Jordan’s Steak House and Bar at InterContinental Chicago.

According to the statement released by the hotel group, “The investigation identified signs of the operation of malware designed to access payment card data from cards used onsite at front desks at certain IHG-branded franchise hotel locations between September 29, 2016 and December 29, 2016. Although there is no evidence of unauthorized access to payment card data after December 29, 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017.”

According to the statement, prior to this incident, some IHG-branded franchise locations implemented Secure Payment Systems (SPS) and those properties were not affected.

But “many more properties implemented SPS after September 29, 2016, and the implementation of SPS ended the ability of the malware to find payment card data and, therefore, cards used at these locations after SPS implementation were not affected.”

