IHG Data Breach Far Bigger Than Initially Reported

In what has become an all-too-common occurrence for hotel guests, another major hotel chain has confirmed a payment card data breach affecting hotels across the U.S.

This past February the InterContinental Hotels Group (IHG), which owns popular brands including Holiday Inn and Crowne Plaza, announced it had launched an investigation into a series of unauthorized charges on cards that were used at a dozen properties between August 2016 and December 2016.

On Friday, IHG confirmed the malware was more widespread, affecting hundreds of properties.

MORE Hotel & Resort

How Will the US Hotel Experience Change Post COVID-19?

Xcaret Park and Hotel Xcaret Mexico to Reopen on June 15

Caesars Entertainment Announces Las Vegas Reopening Plans

The U.K.-based company said its investigation turned up signs of malware designed to access payment card data from cards used at the front desk of certain locations between September 29, 2016, and December 29, 2016. 

The malware sought out track data from debit and credit cards' magnetic stripes. That data can include things like cardholder name, card number, expiration date and internal verification code.

According to KrebsonSecurity, cyber thieves typically target point-of-sale devices at hotel restaurants and bars, installing the malware via hacked administration tools. The thieves can then collect the data from each card that is swiped and have it encoded onto any card with a magnetic stripe.

IHG didn't say how many properties were affected, but guests can search by state and city to find out if their hotel was impacted and, if so, for what duration of time.

READ MORE: IHG Reports Payment Card Breach at 12 Properties

The good news for guests is that hotels have begun adopting a solution to combat cyber thieves. IHG has been implementing Secure Payment Solution (SPS) to protect customers' payment card information moving forward.

IHG said that hotels where SPS was present prior to September 29, 2016, were unaffected. Many more properties implemented SPS after that date, according to IHG, thereby eliminating the malware threat.

IHG is just one of many hotel giants that have been victimized by malware in recent years. The list includes companies like Hilton, Trump Hotels, Starwood Hotels & Resorts, Hyatt Hotels and Kimpton.

It's always smart to review your payment card statements and monitor them for potential fraud. So long as any unauthorized charges are reported in a timely manner, cardholders aren't responsible for the charges. 

Follow @_Pat_Clarke