April 20, 2017

Data Breach Hits over 1,000 Intercontinental Hotels

The Intercontinental Hotel Group, the operator of hotel chains like the Holiday Inn and the Intercontinental, has admitted to discovering malware that compromised point-of-sale equipment used at the front desks of its hotel properties.

While no numbers were specified, the announcement linked readers to a tool for looking up the affected hotels. Prominent security researcher Brian Krebs has since revealed on his blog that up to 1,175 hotels, over 20% of the group's 5,000 worldwide hotels, were compromised.

A forensic investigation identified signs that the malware was used to access payment card data from front desks at hotel locations between September 29 and December 29 last year.

“Although there is no evidence of unauthorized access to payment card data after December 29, 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017,” the announcement read.

The malware sought to acquire card data from compromised hotel servers, including the name of the cardholder, the card number, the expiration date and the internal verification code present in the magnetic stripe of a payment card.

The data breach incident came to light last year when it was originally thought that a handful of Holiday Inns (a dozen properties) were affected. The hotel group’s announcement this week confirms that the breach was far more widespread than initially thought.

Meanwhile, the affected properties identified so far are all based in the United States and Puerto Rico. A USA Today report has revealed that the company is still investigating other properties, which could yet reveal more compromised hotel locations around the world. The operator is updating its list of targeted locations and compromised hotels in a tool that can be found here.

The hotel group is also urging anyone who stayed at one of its properties during that period to review their card statements for any irregular or unauthorized activity.
