InterContinental confirms breach at 12 hotels

InterContinental San Francisco

A month after the InterContinental Hotel Group said it was investigating claims of a possible breach, the chain said a payment card breach affected 12 of its U.S. properties.

Officials are unable to confirm how many were affected by the breach, an IHG spokesperson told SC Media.

In a statement, IHG says an investigation was launched and third-party cybersecurity companies were hired to scour the hotels' payment card processing systems for problems.

Virtual Roundtable

Post COVID-19: The New Guest Experience

Join Hotel Management’s Elaine Simon for our latest roundtable—Post COVID-19: The New Guest Experience. The experts on the panel will share how to inspire guest confidence that hotels are safe and clean and how to win back guest business.

The investigation revealed that malware was installed on servers that processed credit cards at restaurants and bars at 12 IHG-managed properties from approximately August 2016 to December 2016.

The malware searched for specific types of information contained in the tracks of payment cards, including cardholder names, card numbers, expiration dates and internal verification codes.

The locations affected by the data breach include the Sevens Bar & Grill at Crowne Plaza San Jose-Silicon Valley, the Bristol Bar & Grille at the Holiday Inn San Francisco Fisherman's Wharf, InterContinental San Francisco, Aruba's Holiday Inn Resort and InterContinental Los Angeles Century City. A list of the known breached locations can be found here. However, travelers that only used their cards at hotel front desks during this time should be safe.

Customers whose data has been exposed in the breach are being notified, and the investigation is ongoing at other locations in the United States.

According to IHG, we may not yet know the full scope of this breach: The company advised that its investigation into other properties in the Americas region is ongoing, reports Krebs on Security.

Card-stealing cyber thieves have broken into some of the largest hotel chains over the past few years. Hotel brands that have acknowledged card breaches over the last year include Kimpton Hotels, Trump Hotels (twice), Hilton, Mandarin Oriental, and White Lodging (twice). Card breaches also have hit hospitality chains Starwood Hotels and Hyatt.

Suggested Articles

M3 has partnered with Avero, a restaurant revenue-management software company serving the food-and-beverage industry.

Wyndham is relaxing requirements for Wyndham Rewards members to achieve status for the rest of 2020.

This roundup features details on 15 new properties operating in the United States.