Over 1000 InterContinental hotels in the US and Puerto Rico, including those under the Holiday Inn, Kimpton and Crowne Plaza brands, have had their systems compromised, with attackers targeting customer credit card data.
InterContinental Hotels Group (IHG) originally released a statement back in February, saying that about a dozen of its locations had been compromised with credit card stealing malware. This came after an investigation by security experts and notifications from banks, which saw suspicious transactions. However, IHG has now released data which points to over 1000 locations being infected in the US alone. The breach took place between September 29, 2016 and December 29, 2016.
IHG operates hotels around the world in almost 100 countries, so it’s unclear how far this breach goes. What is known, however, is that the attackers planted malware on the hotel systems, designed to find and transmit unencrypted credit card info, which would then be transferred to blank cards or simply used for fraud.
IHG was quick to point out that the hotels in its chain which adopted its “secure payment solution” (SPS) did not suffer from this attack, and that the hotels which adopted the SPS system after the start of the infection cut the attack short. The SPS system secures data by encrypting all credit card info every time it’s used.
This is just the latest in a long string of digital attacks that target hotel chains. Last year we reported on similar breaches at high-end locations like Marriott, Westin, Starwood, Hilton, and Hyatt.
Source: KrebsOnSecurity