InterContinental confirms breach at 12 hotels

InterContinental San Francisco

A month after the InterContinental Hotel Group said it was investigating claims of a possible breach, the chain said a payment card breach affected 12 of its U.S. properties.

Officials are unable to confirm how many were affected by the breach, an IHG spokesperson told SC Media.

In a statement, IHG says an investigation was launched and third-party cybersecurity companies were hired to scour the hotels' payment card processing systems for problems.

Virtual Event

HOTEL OPTIMIZATION PART 2 | Now Available On-Demand

Survival in these times is highly dependent on a hotel's ability to quickly adapt and pivot their business to meet the current needs of travelers and the surrounding community. Join us for Optimization Part 2 – a FREE virtual event – as we bring together top players in the industry to discuss alternative uses when occupancy is down, ways to boost F&B revenue, how to help your staff adjust to new challenges and more, in a series of panels focused on how you can regain profitability during this crisis.


The investigation revealed that malware was installed on servers that processed credit cards at restaurants and bars at 12 IHG-managed properties from approximately August 2016 to December 2016.

The malware searched for specific types of information contained in the tracks of payment cards, including cardholder names, card numbers, expiration dates and internal verification codes.

The locations affected by the data breach include the Sevens Bar & Grill at Crowne Plaza San Jose-Silicon Valley, the Bristol Bar & Grille at the Holiday Inn San Francisco Fisherman's Wharf, InterContinental San Francisco, Aruba's Holiday Inn Resort and InterContinental Los Angeles Century City. A list of the known breached locations can be found here. However, travelers that only used their cards at hotel front desks during this time should be safe.

Customers whose data has been exposed in the breach are being notified, and the investigation is ongoing at other locations in the United States.

According to IHG, we may not yet know the full scope of this breach: The company advised that its investigation into other properties in the Americas region is ongoing, reports Krebs on Security.

Card-stealing cyber thieves have broken into some of the largest hotel chains over the past few years. Hotel brands that have acknowledged card breaches over the last year include Kimpton Hotels, Trump Hotels (twice), Hilton, Mandarin Oriental, and White Lodging (twice). Card breaches also have hit hospitality chains Starwood Hotels and Hyatt.

Suggested Articles

From services to small products in the bathroom, these guest amenities will become guest expectations in the near future.

With demand for contactless experiences on the rise and new programs coming online, property-management systems are evolving.

During the “Best Practices in Cleaning” panel, insiders shared how hoteliers can keep guests and employees safe.