IHG confirms 1200 hotels hit by malware attack

Posted April 23, 2017

That's because the parent company of those chains, InterContinental Hotels Group (IHG), revealed yesterday (April 18) that a credit-card breach involved more than 1,000 of InterContinental's 5,000-odd managed, franchised or company-owned properties.

British-based InterContinental Hotels Group (IHG) said it is aware of "unauthorized charges occurring on payment cards after they were legitimately used at their location".

Malware that successfully stole payment card data was detected between September 29, 2016 and December 29, 2016 at locations accounting for 30 percent of its mostly franchised locations in the Americas.

The malware was originally discovered to have affected the front-desks payment systems of the group's hotels between September and December 2016, but until now IHG has not realised the extent of the attack.

InterContinental Hotels Group said earlier this year that about a dozen of its hotels had been infected with credit-card stealing malware - it turns out, the number was around 100 times that.

Readers should remember that they're not liable for fraudulent charges on their credit or debit cards, but they still have to report the unauthorized transactions. It operates a portfolio of hotel brands, including InterContinental, HUALUXE, Kimpton, Crowne Plaza, Hotel Indigo, EVEN Hotels, Holiday Inn, Holiday Inn Express, Staybridge Suites Hotels, Holiday Inn Resort, Holiday Inn Club Vacations and Candlewood Suites Hotels. However, the company noted that there was no indication that other guest information was affected.

It is unclear exactly how many IHG customers were affected by the data breach.

IHG recommends customers who stayed in the impacted locations to check statements and credit reports.

IHG doesn't give a number of how many hotels were involved in the card breach.

IHG is offering more information to USA residents at 855-330-6367 and for residents outside the U.S.at 800-290-9989 from 8 a.m.to 8 p.m. weekdays.

Frequently, when companies announce a change or wide-reaching issue across scores of outlets, long lists will be released to journalists - spreadsheets, often - of every store or location affected.

The company has been working closely with the payment card networks and the cyber security firm to confirm that all malware has been eradicated.

The company says the malware has been removed and new security measures have been put into place, but their internal investigation isn't yet done. The US is, after all, the land of the lawsuit, and lawyers are no doubt salivating at the chance to launch a class action suit against some of the best-known hotel brands in the country.