Been to one of these 1170 IHG hotels? Your credit card details may have been stolen by malware

Graham CLULEY

April 19, 2017

When a company starts a statement to customers with words describing how it “understands the importance of protecting payment card data” you know that you’re about to hear some bad news…

That’s precisely what InterContinental Hotels Group (IHG) has been forced to share with guests who stayed at a number of IHG-franchise hotel locations between September 29 and December 29 2016.

IHG didn’t reveal just how many hotel properties were considered to be at risk, but my examination of the state-by-state lookup tool they published online reveals it to be higher than 1170.

In a statement issued by IHG, which oversees 12 hotel brands including InterContinental Hotels & Resorts, Holiday Inn, Crowne Plaza, Kimpton, and Staybridge Suites, the company explained that malware stole guests’ payment card details as they paid for their accommodation at the front desk of hotels across America and Puerto Rico:

“Although there is no evidence of unauthorized access to payment card data after December 29 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017. Before this incident began, many IHG-branded franchise hotel locations had implemented IHG’s Secure Payment Solution (SPS), a point-to-point encryption payment acceptance solution. Properties that had implemented SPS before September 29, 2016 were not affected. Many more properties implemented SPS after September 29, 2016, and the implementation of SPS ended the ability of the malware to find payment card data and, therefore, cards used at these locations after SPS implementation were not affected.”

“The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. There is no indication that other guest information was affected.”

As IHG explains in its statement, it began its investigation back in February. Back then the company admitted a data breach had occurred – but believed that it had only impacted the payment card systems at 12 IHG-managed properties.

Now it is clear that over 1170 hotels are impacted, meaning the potential pool of victims is much, much larger.

IHG says that, on behalf of affected franchise hotels, it has been working closely with payment card networks, and has informed law enforcement agencies about the security breach.

It should go without saying that anyone who believes they may be at risk should keep a close eye on their payment card statements for unusual transactions.

In recent years many hotel chains – including Hyatt, Omni, Hilton Hotels, Starwood Hotels, and Trump Hotels – have found themselves targeted by criminals using malware to steal payment card information.

The problem has become so serious that you might start to wonder whether it might be safer to pay at hotel properties with cash, or at least with a card which has a low payment limit.
