Intercontinental hotels hit by credit card data breach
Cranston, R.I. —
InterContinental Hotels Group (IHG), the company behind several well-known hotels such as Holiday Inn and Holiday Inn Express is warning its customers of a data breach that may compromise credit card information.
In a statement the company sent out last Friday, it reported that certain franchisees operating locations in the Americas were alerted to fraudulent charges being made on cards that were previously used at their locations.
In the statement, IHG said they have hired a leading cyber security firm on behalf of franchisees to coordinate an examination of the payment card processing systems of franchise hotel locations in the Americas region.
The investigation identified signs of the operation of malware designed to access payment card data from cards used onsite at front desks at certain IHG-branded franchise hotel locations between September 29, 2016 and December 29, 2016.
Although there is no evidence of unauthorized access to payment card data after December 29, 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017.
Before this incident began, many IHG-branded franchise hotel locations had implemented IHG’s Secure Payment Solution (SPS), a point-to-point encryption payment acceptance solution.
Properties that had implemented SPS before September 29, 2016 were not affected.
Many more properties implemented SPS after September 29, 2016, and the implementation of SPS ended the ability of the malware to find payment card data and, therefore, cards used at these locations after SPS implementation were not affected.
A list of affected IHG franchise locations and respective time frames, which may vary by location, is available here.
A check of the list by NBC10 found that people who stayed at the Holiday Inn in South Kingstown and the Holiday Inn Express in Swansea, Massachusetts during this period may have been effected.