April 20, 2017 by

Data Breach Hits over 1,000 Intercontinental Hotels

The Intercontinental Hotel Group, the operator of hotel chains like the Holiday Inn and the Intercontinental, has admitted to the discovery of a malware that compromised point-of-sale equipment used at front desks of its hotel properties.

While no numbers were specified, the announcement linked readers to a tool where one could look at the hotels affected. Prominent security researcher Brian Krebs has since revealed on his blog that up to 1,175 hotels, over 20% of the groups 5,000 worldwide hotels, were compromised.

A forensic investigation identified signs of the malware operation used to access payment card data from front desks at hotel locations between September 29 and December 29, last year.

“Although there is no evidence of unauthorized access to payment card data after December 29, 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017,” the announcement read.

The malware sought to acquire card data including the name of the card holder, the card number, expiration date and internal verification code present in the magnetic strip of a payment card from compromised hotel servers.

The data breach incident came to light last year when it was originally thought that a handful of Holiday Inns (a dozen properties) were affected. The hotel group’s announcement this week confirms that the breach was far more widespread than initially thought.

Meanwhile, the affected properties identified so far are all based in the United States and Puerto Rico. A USA Today report has revealed that the company is still investigating other properties, which could yet reveal more compromised hotel locations around the world. The operator is updating its list of all locations targeted and compromised hotels in a tool that can be found here.

The hotel is also urging anyone who stayed at one of its properties during the time period to review their card statements to check for any irregular or unauthorized activity.

Image credit: Wikimedia.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Hackers Steal Compromising Photos from High-Profile Plastic Surgeon

Hackers have broken into a high-profile plastic surgeon in London to steal a cache of sensitive...

Read more arrow_forward

Sonic Drive-In Breach Could See Info of Millions of Credit, Debit Cards Stolen

Drive-in restaurant chain Sonic is the latest major company to be the target of a significant data...

Read more arrow_forward

Equifax Data Breach Exposes 143 Million Users’ Data to Identity Theft

Major credit reporting firm Equifax has confirmed a data breach that affects a staggering 143...

Read more arrow_forward