InterContinental Hotels Group (IHG) has confirmed a data breach affected customers’ payment cards at 12 of its locations.
On 3 February, IHG announced that it launched an investigation back on 28 December 2016 after receiving a report of unauthorized charges placed on customers’ credit cards. The Denham-based company, which owns 5,000 hotels that fall under a dozen brands including Holiday Inn and Holiday Inn Express in more than a dozen countries, hired “leading cyber security firms” to conduct the investigation. The results of their analysis prompted IHG to notify customers of a security incident that remained active between August 2016 and December 2016.
As quoted in a statement released by the company, here’s what the security experts found:
“Findings show that malware was installed on servers that processed payment cards used at restaurants and bars of 12 IHG managed properties. Cards used at the front desk of these properties were not affected. The malware searched for track data (cardholder name, card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected server.”
IHG isn’t the first hotel-related company that has suffered a payment card breach. It joins Hutton Hotel, HEI Hotels & Resorts, Omni Hotels, Hard Rock Hotel, and others that in the past have notified customers about a security incident. Some hotels have even been hit more than once.
At this time, IHG’s investigation into the matter remains ongoing as it works to identify any other of its locations that the malware might have affected. The company is also urging customers to review its list of breached properties. If they find they visited one of those affected locations between August 2016 and December 2016, they should pay close attention to their payment card statements and notify their card issuer if and when they detect any unauthorized charges to their accounts.