Officials are unable to confirm how many were affected by the breach, an IHG spokesperson told SC Media.
In a statement, IHG says an investigation was launched and third-party cybersecurity companies were hired to scour the hotels' payment card processing systems for problems.
The investigation revealed that malware was installed on servers that processed credit cards at restaurants and bars at 12 IHG-managed properties from approximately August 2016 to December 2016.
The malware searched for specific types of information contained in the tracks of payment cards, including cardholder names, card numbers, expiration dates and internal verification codes.
The locations affected by the data breach include the Sevens Bar & Grill at Crowne Plaza San Jose-Silicon Valley, the Bristol Bar & Grille at the Holiday Inn San Francisco Fisherman's Wharf, InterContinental San Francisco, Aruba's Holiday Inn Resort and InterContinental Los Angeles Century City. A list of the known breached locations can be found here. However, travelers that only used their cards at hotel front desks during this time should be safe.
Customers whose data has been exposed in the breach are being notified, and the investigation is ongoing at other locations in the United States.
According to IHG, we may not yet know the full scope of this breach: The company advised that its investigation into other properties in the Americas region is ongoing, reports Krebs on Security.
Card-stealing cyber thieves have broken into some of the largest hotel chains over the past few years. Hotel brands that have acknowledged card breaches over the last year include Kimpton Hotels, Trump Hotels (twice), Hilton, Mandarin Oriental, and White Lodging (twice). Card breaches also have hit hospitality chains Starwood Hotels and Hyatt.