The data breach at InterContinental Hotels Group Plc (IHG,IHG.L) is much bigger than announced earlier, with almost 1,200 hotels now seen as impacted.
Denham, UK-based InterContinental Hotels, the owner of Holiday Inn, Crowne Plaza, Staybridge Suites and Hotel Indigo, said in early February that it suffered a data breach on twelve of its hotels in the U.S. The company operates more than 5,000 hotels across nearly 100 countries.
The data breach was discovered on December 28, 2016 after clients reported unauthorized, fraudulent charges on cards previously used at a number of U.S. hotels owned by the hotel giant.
IHG said in a statement on its website that it found signs of malware designed to access credit card data from cards used onsite at front desks in certain IHG-branded franchise hotel locations between September 29, 2016 and December 29, 2016.
While the company did not provide a specific number for how many properties were affected, it has provided a state-by-state lookup tool that shows the Holiday Inn, Intercontinental and Crowne Plaza locations that were affected.
According to research by a Krebs on Security reader, 1,175 properties across the U.S. and Puerto Rico were affected by the data breach. The impacted brands are Holiday Inn, Holiday Inn Express, Holiday Inn Resort, Crown Plaza, Hotel indigo, Candlewood Suites and Staybridge Suites.
According to IHG's investigation, the malware did not show signs of activity after December 29, but it was also not eradicated from cash registers until March 2017.
According to the hotel chain, the malware searched for track data - cardholder name, card number, expiration date, and internal verification code - read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. However, the company noted that there was no indication that other guest information was affected.
by RTT Staff Writer
For comments and feedback: firstname.lastname@example.org