InterContinental Hotel chain breach expands

Late last year, InterContinental Hotels Group revealed it was investigating a widespread credit card breach across some 5,000 hotels worldwide. In February, IHG acknowledged a breach but said it appeared to involve only a dozen properties. Now, IHG has released data showing that cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data.

According to a statement released by IHG, the investigation “identified signs of the operation of malware designed to access payment card data from cards used onsite at front desks at certain IHG-branded franchise hotel locations between September 29, 2016 and December 29, 2016.”

"On behalf of franchisees and in co-operation with the payment card networks and acquiring banks, IHG is coordinating the investigation that is now under way," an IHG spokeswoman told the BBC. "Individuals should closely monitor their payment card account statements. If there are unauthorized charges, individuals should immediately notify their bank. Payment card network rules generally state that cardholders are not responsible for such charges."

A statement released on the hotel's website says that the malware, which infected the hotels' card payment systems, was identified between Sep. 29 and Dec. 29, 2016. The statement adds that although “there is no evidence of unauthorized access to payment card data” after Dec. 29, it still took until March 2017 to ensure that the malware had been completely expunged from the systems.

The statement said that other properties with an encryption-based security measure were not affected. However, cyber security expert Brian Krebs stated that not many of IHG's hotels adopted this security measure.

"IHG has been offering its franchised properties a free examination by an outside computer forensic team," Brian Krebs said. "But not all property owners have been anxious to take the company up on that offer. As a consequence, there may be more breached hotel locations yet to be added to the state look-up tool."

IHG didn’t say how many properties total were affected, although it has published a state-by-state lookup tool.

There has been a long string of acknowledged breaches in the past two years: Kimpton Hotels, HEI Hotels and Resorts, Millennium Hotels & Resorts North America, the Hard Rock Hotel & Casino in Las Vegas (twice), Trump Hotels (twice), Golden Nugget hotels, Mandarin Oriental, Omni Hotels, and White Lodging have all been victims of data breaches.

In addition to data-breach insurance, there are other steps hotels can take to minimize risk. These include understanding the risk of a data breach, having a strict online policy bolstered by strong employee training, updating machines and technology, and being prepared in case you are targeted. 
