InterContinental confirms breach at 12 hotels

InterContinental San Francisco

A month after the InterContinental Hotel Group said it was investigating claims of a possible breach, the chain said a payment card breach affected 12 of its U.S. properties.

Officials are unable to confirm how many were affected by the breach, an IHG spokesperson told SC Media.

In a statement, IHG says an investigation was launched and third-party cybersecurity companies were hired to scour the hotels' payment card processing systems for problems.

FREE DAILY NEWSLETTER

Like this story? Subscribe to Operations & Technology!

Hospitality professionals turn to Operations & Technology as their go-to source for breaking news on guestrooms, food & beverage, hospitality and technology trends, management and more. Sign up today to get news and updates delivered to your inbox daily and read on the go.

The investigation revealed that malware was installed on servers that processed credit cards at restaurants and bars at 12 IHG-managed properties from approximately August 2016 to December 2016.

The malware searched for specific types of information contained in the tracks of payment cards, including cardholder names, card numbers, expiration dates and internal verification codes.

The locations affected by the data breach include the Sevens Bar & Grill at Crowne Plaza San Jose-Silicon Valley, the Bristol Bar & Grille at the Holiday Inn San Francisco Fisherman's Wharf, InterContinental San Francisco, Aruba's Holiday Inn Resort and InterContinental Los Angeles Century City. A list of the known breached locations can be found here. However, travelers that only used their cards at hotel front desks during this time should be safe.

Customers whose data has been exposed in the breach are being notified, and the investigation is ongoing at other locations in the United States.

According to IHG, we may not yet know the full scope of this breach: The company advised that its investigation into other properties in the Americas region is ongoing, reports Krebs on Security.

Card-stealing cyber thieves have broken into some of the largest hotel chains over the past few years. Hotel brands that have acknowledged card breaches over the last year include Kimpton Hotels, Trump Hotels (twice), Hilton, Mandarin Oriental, and White Lodging (twice). Card breaches also have hit hospitality chains Starwood Hotels and Hyatt.

Suggested Articles

GSD Group acquired the rights to build video game-themed Atari Hotels in the United States, with the first to break ground in Phoenix.

The new Arbor prototype is meant to minimize costs while incorporating natural elements.

As well as acquiring a stake in the company, The Silverstone Cos. has also gained exclusive rights to development in Asia.