Malware struck the InterContinental Hotels Group (IHG) with 12 of its locations reporting a possible breach of payment card data from August to December, KrebsOnSecurityReports.
Servers for hotels in the U.S. were infected with malware that was trying to find track data from a card’s magnetic strip. This includes card numbers, names, expiration dates, and verification codes that had been gathered by the hotels’ restaurants and bars. Hotel front desk transactions were not affected.
The hotel group has not publicly stated if any data was in fact stolen and the number of breached cards has not been disclosed either. Customers can check this list for the details on when a hotel was infected and the time period involved. If you were a customer at one of the hotels, the company urges you to check for suspicious transactions and to contact authorities as necessary. The investigation is ongoing to see if more hotels have been affected.
“IHG has been working with the security firms to review IHG’s security measures, confirm that this issue has been remediated, and evaluate ways to enhance IHG’s security measures,” InterContinental said in a statement.
It added that it is working with law enforcement to investigate the breach and is in contact with banks to help make customers aware.
This isn’t the first time that InterContinental has been targeted by malicious actors. Hotels have become popular targets for hackers trying to steal payment card data given the volume of transactions that occur at hotels like InterContinental. In August, a hacker campaign dished out malware for Starwood, Marriott, and Hyatt hotels with malware allegedly scooping up payments data for over a year before it was detected.
Point-of-sale malware like this is regularly seen in the retail and hospitality sector like the infamous breaches at Target and Home Depot. The stolen data can be potentially sold on for a profit on illicit online marketplaces.