British multinational hotel company InterContinental Hotels Group (IHG) has launched an investigation after being informed of a possible payment card breach at some of its properties in the United States.
Investigative journalist Brian Krebs learned from his sources in the financial industry that a pattern of fraud had been observed on credit and debit cards used at some IHG properties, particularly Holiday Inn and Holiday Inn Express hotels.
IHG said it had been aware of the fraud patterns and launched an investigation with the aid of an outside security company.
“We were made aware of a report of unauthorized charges occurring on some payment cards that were recently used at a small number of U.S.-based hotel locations,” IHG stated. “We immediately launched an investigation, which includes retaining a leading computer security firm to provide us with additional support. We continue to work with the payment card networks.”
Until the investigation is completed, the hotel company has advised customers to closely monitor their payment card statements and immediately notify their bank of any unauthorized charges.
IHG has more than 5,000 hotels across nearly 100 countries. Its brands include InterContinental, Kimpton, Holiday Inn, Crowne Plaza, Hualuxe, Indigo, and Even.
Kimpton Hotels & Restaurants informed customers in late July that it had launched an investigation into a possible card breach. The investigation, completed roughly one month later, revealed that cybercriminals had installed malware on servers responsible for processing payment cards at restaurants and front desks.
The malware targeted card data, including number, expiration date, internal verification code and, in some cases, cardholder name. The malware was present on the hotel’s systems between February 16 and July 7, 2016.
InterContinental hotels were also caught up in a breach suffered earlier this year by HEI Hotels & Resorts. HEI informed customers in mid-August that 20 of the hotels it operates in the U.S. were affected by a security breach involving payment card information.
The hospitality sector has been increasingly targeted by cybercriminals. The list of major companies that recently admitted suffering a data breach includes Noodles & Company, Hard Rock Hotel & Casino Las Vegas, Trump Hotels, Millennium Hotels & Resorts and Omni Hotels.
Related: MICROS Hackers Targeted Five Other PoS Vendors
Related: Madison Square Garden Discovers Payment System Breach
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023
- Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police
Latest News
- Italy Temporarily Blocks ChatGPT Over Privacy Concerns
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Report: Chinese State-Sponsored Hacking Group Highly Active
- Votiro Raises $11.5 Million to Prevent File-Borne Threats
- Lumen Technologies Hit by Two Cyberattacks
- Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution
