InterContinental Hotels Group (IHG) has admitted to falling prey to cyberattackers who were able to compromise payment systems at hotels in the US and the Caribbean.
IHG is the parent company of hotel chains including Crowne Plaza, Holiday Inn, Candlewood Suites and Kimpton Hotels and Resorts, with thousands of locations worldwide. According to the conglomerate, the data breach was discovered on 28 December after an undisclosed number of clients reported unauthorized, fraudulent charges on cards previously used at a number of US hotels owned by the hotel giant.
In a statement released last week, IHG says an investigation was launched and third-party cybersecurity companies were hired to scour the hotels' payment card processing systems for problems.
The investigation revealed that malware was installed on servers which processed these cards when used at restaurants and bars at 12 IHG-managed properties from approximately August 2016 to December 2016.
The malware searched for specific types of information contained in the tracks of payment cards, including cardholder names, card numbers, expiration dates and internal verification codes.
As cards were used and the data was routed through the compromised servers, the cyberattackers stole the information -- which could be used for purposes such as identity theft or mass-account sales on the Dark Web.
The locations affected by the data breach include the Sevens Bar & Grill at Crowne Plaza San Jose-Silicon Valley, the Bristol Bar & Grille at the Holiday Inn San Francisco Fisherman's Wharf, InterContinental San Francisco, Aruba's Holiday Inn Resort and InterContinental Los Angeles Century City.
However, travelers that only used their cards at hotel front desks during this time should be safe.
Customers whose data has been exposed in the breach are being notified, and the investigation is ongoing at other locations in the United States.
In April 2016, the Trump hotel chain, The Trump Hotel Collection, was reportedly the victim of a credit card breach for the second time that year. It is believed that point-of-sale (PoS) systems were infected with data-stealing malware.