IHG hotels hit by payment card data hack

20 April 2017 by
IHG hotels hit by payment card data hack

Payment card data-targeting malware has hit hundreds of InterContinental Hotels Group (IHG) properties.

The UK-based company confirmed franchisee-operated hotels in the USA and Puerto Rico were made aware by payment card networks of patterns of unauthorised charges on payment cards after they were used at their locations. No UK hotels are known to have been affected.

An investigation by a cyber security firm identified signs of malware designed to access payment card data from cards used onsite at the front desk of a number of of IHG-branded franchise hotels, including Holiday Inn and Crowne Plaza properties, between September 29 2016 and December 29 2016.

The malware searched for track data (which sometimes has the cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. There is no indication other guest information was affected.

Before the incident, some IHG-branded franchise hotels had implemented IHG's Secure Payment Solution (SPS) and were not affected, and more have since implemented SPS, ending the ability of the malware to find payment card data.

A list of affected franchise locations and respective time frames is available here. IHG has also established a dedicated call centre for guests affected.

A statement from IHG read: "On behalf of franchisees, IHG has been working closely with the payment card networks as well as with the cyber security firm to confirm that the malware has been eradicated and evaluate ways for franchisees to enhance security measures. Law enforcement has also been notified."

Gordon Ramsay's father-in-law admits computer hacking >>

Hotels told to do more to protect customers' data >>

Are you safe from hackers? >>

Videos from The Caterer archives

The Caterer Breakfast Briefing Email

Start the working day with The Caterer’s free breakfast briefing email

Sign Up and manage your preferences below

Check mark icon
Thank you

You have successfully signed up for the Caterer Breakfast Briefing Email and will hear from us soon!

Jacobs Media Group is honoured to be the recipient of the 2020 Queen's Award for Enterprise.

The highest official awards for UK businesses since being established by royal warrant in 1965. Read more.


Ad Blocker detected

We have noticed you are using an adblocker and – although we support freedom of choice – we would like to ask you to enable ads on our site. They are an important revenue source which supports free access of our website's content, especially during the COVID-19 crisis.

trade tracker pixel tracking