IHG, The Intercontinental Hotels Group, which owns Crowne Plaza and Holiday Inn, has recently announced a serious data breach that impacted 1174 of its franchise locations. The company reports that their Point of Sale (POS) system was found to have been infected with malware which intercepted and copied credit card transactions between September 29 and December 29, 2016. All but one of the
impacted hotels were located in the US, including:
• 163 in Texas
• 64 in California
• 61 in Florida
• 53 in Indiana
• 50 in Ohio
• 45 in New York
• 42 in Michigan
• And 39 in Illinois
The one hotel outside the US that was also impacted was a Holiday Inn in San Juan, Puerto Rico, making this a far-reaching, carefully orchestrated operation. As to what was taken, the breach is about as bad as it gets, with the hackers gaining access to account holder names, credit card numbers, expiration dates and security codes.
While IHG has not released the total number of impacted users, if you’ve stayed at Holiday Inns in any of the locations mentioned above during the timeframe when the malware was active, you’ll want to closely monitor your credit card statements for any suspicious activity. Contact your card provider to let them know that your information may have been exposed and your account may be at risk.
If there is a bright spot in the company’s announcement, it is the fact that locations with the company’s Secure Payment Solution (SPS) implemented were not impacted. The new point-to-point encryption payment acceptance solution proved its worth, and the malware was not able to capture any customer payment information.
This is but the latest in what seems to be an unending stream of relatively high-profile data breaches in recent years, and sadly, it will certainly not be the last.
You can visit IHG’s website to check whether the hotel you stayed at was one of the compromised ones, and if your credit card information is at risk.