Skip to content ↓ | Skip to navigation ↓

InterContinental Hotel Group (IHG) announced late last week that its payment processing systems at over 1,000 locations were found infected with malware designed to steal credit card information.

The U.K.-based company operates more than 5,000 hotels globally under many well-known brands, including Holiday Inn, Holiday Inn Express and Crowne Plaza.

In a statement posted on its website, IHG said it hired a “leading cyber security firm” after payment card networks alerted many of its franchise locations of patterns of unauthorized charges placed on customers’ credit cards.

“The investigation identified signs of the operation of malware designed to access payment card data from cards used onsite at front desks at certain IHG-branded franchise hotel locations between Sept. 29, 2016, and Dec. 29, 2016,” read the statement.

“Although there is no evidence of unauthorized access to payment card data after Dec. 29, 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in Feb. and March 2017,” IHG explained.

The malware is believed to have compromised credit card and debit card numbers, cardholder names and expiration dates, as well as the internal verification codes.

IHG spokesperson Neil E. Hirsch told Data Breach Today that approximately 1,200 IHG-branded franchise hotel locations in the Americas were affected. A look-up tool was made available on its website, listing impacted properties and their respective timeframes.

iHG Brands

“IHG has been working closely with the payment card networks, as well as the cyber security firm to confirm that the malware has been eradicated and evaluate ways for franchisees to enhance security measures,” said the company, noting that law enforcement had also been notified.

In February of this year, IHG had acknowledged a data breach that appeared to involve just 12 of its managed locations – specifically affecting the point-of-sale devices in the properties’ restaurants and bars.

IHG said the dozen locations referred to hotels it directly runs, and that it didn’t yet know the scope of the breach of its franchisees’ locations.

The company is asking potentially affected customers to remain vigilant by reviewing payment card statements for any fraudulent activity.