Security Experts:

InterContinental Hotels Investigating Possible Card Breach

British multinational hotel company InterContinental Hotels Group (IHG) has launched an investigation after being informed of a possible payment card breach at some of its properties in the United States.

Investigative journalist Brian Krebs learned from his sources in the financial industry that a pattern of fraud had been observed on credit and debit cards used at some IHG properties, particularly Holiday Inn and Holiday Inn Express hotels.

IHG said it had been aware of the fraud patterns and launched an investigation with the aid of an outside security company.

“We were made aware of a report of unauthorized charges occurring on some payment cards that were recently used at a small number of U.S.-based hotel locations,” IHG stated. “We immediately launched an investigation, which includes retaining a leading computer security firm to provide us with additional support. We continue to work with the payment card networks.”

Until the investigation is completed, the hotel company has advised customers to closely monitor their payment card statements and immediately notify their bank of any unauthorized charges.

IHG has more than 5,000 hotels across nearly 100 countries. Its brands include InterContinental, Kimpton, Holiday Inn, Crowne Plaza, Hualuxe, Indigo, and Even.

Kimpton Hotels & Restaurants informed customers in late July that it had launched an investigation into a possible card breach. The investigation, completed roughly one month later, revealed that cybercriminals had installed malware on servers responsible for processing payment cards at restaurants and front desks.

The malware targeted card data, including number, expiration date, internal verification code and, in some cases, cardholder name. The malware was present on the hotel’s systems between February 16 and July 7, 2016.

InterContinental hotels were also caught up in a breach suffered earlier this year by HEI Hotels & Resorts. HEI informed customers in mid-August that 20 of the hotels it operates in the U.S. were affected by a security breach involving payment card information.

The hospitality sector has been increasingly targeted by cybercriminals. The list of major companies that recently admitted suffering a data breach includes Noodles & Company, Hard Rock Hotel & Casino Las Vegas, Trump Hotels, Millennium Hotels & Resorts and Omni Hotels.

Related: MICROS Hackers Targeted Five Other PoS Vendors

Related: Madison Square Garden Discovers Payment System Breach

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.