Published: Sat, April 22, 2017
Economy | By Melissa Porter

InterContinental Hotels Suffers Major Malware Attack

InterContinental Hotels Suffers Major Malware Attack

The company says the malware searched for track data read from the magnetic stripe of a payment card as it was being routed through the affected hotel server.

According to KrebsonSecurity, cyber thieves typically target point-of-sale devices at hotel restaurants and bars, installing the malware via hacked administration tools.

British-based InterContinental Hotels Group (IHG) said it is aware of "unauthorized charges occurring on payment cards after they were legitimately used at their location".

This breach affects more properties than the first payment card data breach IHG confirmed in February, which affected card payments at 12 hotels in the United States and Caribbean.

If you used a credit card at an InterContinental Hotels Group (IHG) location in late 2016 your payment information may have been compromised.

IHG has now published an updated list of affected locations, which span 49 states, plus Washington D.C., and Puerto Rico.

"IHG has been offering its franchised properties a free examination by an outside computer forensic team", wrote Brian Krebs. IHG values the relationship it has with its guests and understands the importance of protecting payment card data.

IHG operates hotels around the world in nearly 100 countries, so it's unclear how far this breach goes.

IHG has released data showing that cash registers at more than 1,000 of its properties were compromised between September 29 and December 29 of 2016.

It is unclear exactly how many IHG customers were affected by the data breach.

The culprits harvested the information that passed through payment terminals, which included 16-digit payment card numbers, expiration dates, and verification codes, and some customers' names.

Hackers gained access late a year ago to payment-card data at many InterContinental Hotels Group lodgings in the United States and Puerto Rico, including a Holiday Inn Express in Milford. The list includes companies like Hilton, Trump Hotels, Starwood Hotels & Resorts, Hyatt Hotels and Kimpton. "Law enforcement has also been notified", said an IHG statement.

IHG said that hotels where SPS was present prior to September 29, 2016, were unaffected.

Customers who may have been affected by the breach are advised to keep a close eye on their credit card transactions in order to catch any potentially suspicious activity.

Like this: