Malware struck the InterContinental Hotels Group (IHG) with 12 of its locations reporting a possible breach of payment card data from August to December, KrebsOnSecurityReports.
Servers for hotels in the U.S. were infected with malware that was trying to find track data from a card’s magnetic strip. This includes card numbers, names, expiration dates, and verification codes that had been gathered by the hotels’ restaurants and bars. Hotel front desk transactions were not affected.
The hotel group has not publicly stated if any data was in fact stolen and the number of breached cards has not been disclosed either. Customers can check this list for the details on when a hotel was infected and the time period involved. If you were a customer at one of the hotels, the company urges you to check for suspicious transactions and to contact authorities as necessary. The investigation is ongoing to see if more hotels have been affected.
“IHG has been working with the security firms to review IHG’s security measures, confirm that this issue has been remediated, and evaluate ways to enhance IHG’s security measures,” InterContinental said in a statement.
It added that it is working with law enforcement to investigate the breach and is in contact with banks to help make customers aware.
This isn’t the first time that InterContinental has been targeted by malicious actors. Hotels have become popular targets for hackers trying to steal payment card data given the volume of transactions that occur at hotels like InterContinental. In August, a hacker campaign dished out malware for Starwood, Marriott, and Hyatt hotels with malware allegedly scooping up payments data for over a year before it was detected.
Point-of-sale malware like this is regularly seen in the retail and hospitality sector like the infamous breaches at Target and Home Depot. The stolen data can be potentially sold on for a profit on illicit online marketplaces.
- One of the world’s most famous hotels is targeted by scammers
- Hackers expose personal details of 10 million MGM hotel guests
- Wawa data breach: Hacker is selling 30 million credit cards on the dark web
- Visa says magstripe credit cards are at risk of data theft if used at gas pumps
- Macy’s confirms hackers stole customer data from its website