April 20, 2017 by

Data Breach Hits over 1,000 Intercontinental Hotels

The Intercontinental Hotel Group, the operator of hotel chains like the Holiday Inn and the Intercontinental, has admitted to the discovery of a malware that compromised point-of-sale equipment used at front desks of its hotel properties.

While no numbers were specified, the announcement linked readers to a tool where one could look at the hotels affected. Prominent security researcher Brian Krebs has since revealed on his blog that up to 1,175 hotels, over 20% of the groups 5,000 worldwide hotels, were compromised.

A forensic investigation identified signs of the malware operation used to access payment card data from front desks at hotel locations between September 29 and December 29, last year.

“Although there is no evidence of unauthorized access to payment card data after December 29, 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017,” the announcement read.

The malware sought to acquire card data including the name of the card holder, the card number, expiration date and internal verification code present in the magnetic strip of a payment card from compromised hotel servers.

The data breach incident came to light last year when it was originally thought that a handful of Holiday Inns (a dozen properties) were affected. The hotel group’s announcement this week confirms that the breach was far more widespread than initially thought.

Meanwhile, the affected properties identified so far are all based in the United States and Puerto Rico. A USA Today report has revealed that the company is still investigating other properties, which could yet reveal more compromised hotel locations around the world. The operator is updating its list of all locations targeted and compromised hotels in a tool that can be found here.

The hotel is also urging anyone who stayed at one of its properties during the time period to review their card statements to check for any irregular or unauthorized activity.

Image credit: Wikimedia.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Equifax Data Breach Exposes 143 Million Users’ Data to Identity Theft

Major credit reporting firm Equifax has confirmed a data breach that affects a staggering 143...

Read more arrow_forward

Time Warner Data Breach Exposes Millions of Customer Records

Charter Communications admitted that it had discovered a data breach containing the personal details...

Read more arrow_forward

HBO Refuses to Pay Hackers as Leaks Continue

HBO is refusing to negotiate with hackers who have allegedly stolen up to 1.5 terabytes of data from...

Read more arrow_forward

If you have any further questions, please don't hesitate to contact us.