InterContinental Hotels Investigates Credit Card Data Breach
Holiday Inn parent company InterContinental Hotels Group (IHG), which runs more than 5,000 hotels worldwide, is investigating a possible credit card breach at some U.S. locations.
KrebsOnSecurity received reports last week from sources who work in fraud prevention at a number of financial institutions. The sources told Krebs they were seeing fraud patterns on debit and credit cards that suggested a breach at IHG properties, particularly Holiday Inn and Holiday Inn Express hotels.
A spokesperson for IHG told Krebs the company had already received similar reports and had hired an outside security firm to assist in the investigation. The company stated, “IHG takes the protection of payment card data very seriously. We were made aware of a report of unauthorized charges occurring on some payment cards that were recently used at a small number of U.S.-based hotel locations. We immediately launched an investigation, which includes retaining a leading computer security firm to provide us with additional support. We continue to work with the payment card networks.”
The company also said they will work to quickly resolve the breach, but they advise customers to monitor their credit card statements for fraudulent transactions. “We are committed to swiftly resolving this matter. In the meantime, and in line with best practice, we recommend that individuals closely monitor their payment card account statements. If there are unauthorized charges, individuals should immediately notify their bank. Payment card network rules generally state that cardholders are not responsible for such charges.”
This is not the first breach IHG has suffered this year. Kimpton Hotels suffered a similar attack. Hackers were able to compromise the payment card system by installing malware on the payment terminals of over 60 hotels and restaurants. Once the malware is installed, criminals have access to the credit card information of anyone who pays at the terminal. Card information includes the cardholder name, card number, expiration date and CVV code.