InterContinental Hotels Hacked For Guests Credit Card Info

Hotel Intercontinental

Traveling to a new city and experiencing the local cuisine and culture is exciting.

If you stayed at a Holiday Inn hotel late previous year, check your credit card statements. Unfortunately, that's the position millions of travelers have just been put in.

The data breach at InterContinental Hotels Group PLC is much bigger than announced earlier, with nearly 1,200 hotels now seen as impacted.

A data breach involving the Intercontinental Hotels Group could have possibly put your credit information at risk.

Headquartered in Denham, U.K., IHG operates more than 5,000 hotels across almost 100 countries.

IHG properties include Holiday Inn, Holiday Inn Express, InterContinental, Kimpton Hotels, Crowne Plaza, Staybridge Suites and Candlewood Suites.

The IHG-branded franchise hotel locations that had installed IHG's Secure Payment Solution (SPS) prior to the breach were reportedly not affected.

IHG acknowledged that the breaches were active through at least December 29, 2016, though there's no certainty that the malware was eliminated until the breach was investigated in February and March of this year.

In many of these breaches, thieves plant malicious software on point-of-sale devices via a hacked remote administration tool.

IHG has admitted that 1,200 of its hotels across the USA and Puerto Rico have been hit by the malware, which has grabbed data from cards including cardholders' names, credit card numbers, expiration dates and security codes.

According to a statement from IHG, the malware was able to read from the magnetic stripe of a card as it was being process through the hotel server.

Guests who stayed at the hotel during the affected date range should also check their Equifax, Experian and TransUnion credit scores, IHG said. Those hotels breached included household names such as InterContinental, Holiday Inn, Crown Plaza and Hotel Indigo chains.

Customers affected were notified, and this appeared to be the end of the issue.

IHG has set up a web page with a full list of affected hotels, and it's a very long list. Considering the breach started back in September 2016 for some of the hotels, and partial notification is coming in April 2017, the stolen card data has most likely been used by now.

Related news: