April 20, 2017 by

Data Breach Hits over 1,000 Intercontinental Hotels

The Intercontinental Hotel Group, the operator of hotel chains like the Holiday Inn and the Intercontinental, has admitted to the discovery of a malware that compromised point-of-sale equipment used at front desks of its hotel properties.

While no numbers were specified, the announcement linked readers to a tool where one could look at the hotels affected. Prominent security researcher Brian Krebs has since revealed on his blog that up to 1,175 hotels, over 20% of the groups 5,000 worldwide hotels, were compromised.

A forensic investigation identified signs of the malware operation used to access payment card data from front desks at hotel locations between September 29 and December 29, last year.

“Although there is no evidence of unauthorized access to payment card data after December 29, 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017,” the announcement read.

The malware sought to acquire card data including the name of the card holder, the card number, expiration date and internal verification code present in the magnetic strip of a payment card from compromised hotel servers.

The data breach incident came to light last year when it was originally thought that a handful of Holiday Inns (a dozen properties) were affected. The hotel group’s announcement this week confirms that the breach was far more widespread than initially thought.

Meanwhile, the affected properties identified so far are all based in the United States and Puerto Rico. A USA Today report has revealed that the company is still investigating other properties, which could yet reveal more compromised hotel locations around the world. The operator is updating its list of all locations targeted and compromised hotels in a tool that can be found here.

The hotel is also urging anyone who stayed at one of its properties during the time period to review their card statements to check for any irregular or unauthorized activity.

Image credit: Wikimedia.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Millions of User Account Details Stolen in Internet Radio 8Tracks Breach

Millions of users’ accounts at popular internet radio service 8tracks have been stolen by...

Read more arrow_forward

Are you prepared for a data breach?

No one is one hundred percent safe and protected from experiencing a breach. A breach should always...

Read more arrow_forward

DocuSign Data Breach Sees Hackers Steal Millions of Users’ Email Addresses

 Popular digital signature service DocuSign has confirmed a hack of its systems wherein an unnamed...

Read more arrow_forward

If you have any further questions, please don't hesitate to contact us.