IHG investigates possible payment card breach at several U.S. hotels

(Khairallah joined Marcus Hotels & Resorts in 2013 as COO, and in 2014 he assumed day-to-day oversight for the company's hotel division.)

The InterContinental Hotels Group, parent company to a number of hotel chains, including Holiday Inn and Holiday Inn Express,  is investigating a possible breach of customers’ payment card data.

In addition to the Holiday Inn brands, InterContinental owns a number of chains: Crowne Plaza, Staybridge Suites, Candlewood Suites, Hotel Indigo, Even Hotels and Kimpton. Sources in the financial industry have told information security reporter Brian Krebs that they’re seeing fraudulent transactions on cards that were used at InterContinental properties, especially Holiday Inn. 

The British hotel chain hired a computer security firm to investigate patterns of possible credit and debit card fraud as it continues to work with payment card networks for additional support, an InterContinental spokesperson said.

“IHG takes the protection of payment card data very seriously. We were made aware of a report of unauthorized charges occurring on some payment cards that were recently used at a small number of U.S.-based hotel locations,” the company said in a statement to the Daily News

“We are committed to swiftly resolving this matter. In the meantime, and in line with best practice, we recommend that individuals closely monitor their payment card account statements. If there are unauthorized charges, individuals should immediately notify their bank. Payment card network rules generally state that cardholders are not responsible for such charges.”

The company did not name the security firm but suggested that if customers find unauthorized charges, individuals should immediately inform their bank. Thieves would plant malicious software onto point-of-sale devices at restaurants and bars inside the hotels, capturing customers’ card data with each swipe, the KrebsOnSecurity blog reported.