IHG investigates possible payment card breach at several U.S. hotels

Khairallah joined Marcus Hotels & Resorts in 2013 as COO, and in 2014 he assumed day-to-day oversight for the company's hotel division.

The InterContinental Hotels Group, parent company to a number of hotel chains, including Holiday Inn and Holiday Inn Express,  is investigating a possible breach of customers’ payment card data.

In addition to the Holiday Inn brands, InterContinental owns a number of chains: Crowne Plaza, Staybridge Suites, Candlewood Suites, Hotel Indigo, Even Hotels and Kimpton. Sources in the financial industry have told information security reporter Brian Krebs that they’re seeing fraudulent transactions on cards that were used at InterContinental properties, especially Holiday Inn. 

The British hotel chain hired a computer security firm to investigate patterns of possible credit and debit card fraud as it continues to work with payment card networks for additional support, an InterContinental spokesperson said.

Virtual Event

HOTEL OPTIMIZATION PART 2 | Now Available On-Demand

Survival in these times is highly dependent on a hotel's ability to quickly adapt and pivot their business to meet the current needs of travelers and the surrounding community. Join us for Optimization Part 2 – a FREE virtual event – as we bring together top players in the industry to discuss alternative uses when occupancy is down, ways to boost F&B revenue, how to help your staff adjust to new challenges and more, in a series of panels focused on how you can regain profitability during this crisis.


“IHG takes the protection of payment card data very seriously. We were made aware of a report of unauthorized charges occurring on some payment cards that were recently used at a small number of U.S.-based hotel locations,” the company said in a statement to the Daily News

“We are committed to swiftly resolving this matter. In the meantime, and in line with best practice, we recommend that individuals closely monitor their payment card account statements. If there are unauthorized charges, individuals should immediately notify their bank. Payment card network rules generally state that cardholders are not responsible for such charges.”

The company did not name the security firm but suggested that if customers find unauthorized charges, individuals should immediately inform their bank. Thieves would plant malicious software onto point-of-sale devices at restaurants and bars inside the hotels, capturing customers’ card data with each swipe, the KrebsOnSecurity blog reported.

Suggested Articles

New research suggests 64 percent of hospitality professionals believe the risk of a data breach increases when employees work off site.

Three hotels that previously were branded under the Cotelier Hotels brand will be converted to the Life House brand. 

After two weeks of occupancy surpassing the halfway point, the numbers dropped for the week of Oct. 18–24.