Security Experts:

Connect with us

Hi, what are you looking for?



InterContinental Hotels Investigating Possible Card Breach

British multinational hotel company InterContinental Hotels Group (IHG) has launched an investigation after being informed of a possible payment card breach at some of its properties in the United States.

British multinational hotel company InterContinental Hotels Group (IHG) has launched an investigation after being informed of a possible payment card breach at some of its properties in the United States.

Investigative journalist Brian Krebs learned from his sources in the financial industry that a pattern of fraud had been observed on credit and debit cards used at some IHG properties, particularly Holiday Inn and Holiday Inn Express hotels.

IHG said it had been aware of the fraud patterns and launched an investigation with the aid of an outside security company.

“We were made aware of a report of unauthorized charges occurring on some payment cards that were recently used at a small number of U.S.-based hotel locations,” IHG stated. “We immediately launched an investigation, which includes retaining a leading computer security firm to provide us with additional support. We continue to work with the payment card networks.”

Until the investigation is completed, the hotel company has advised customers to closely monitor their payment card statements and immediately notify their bank of any unauthorized charges.

IHG has more than 5,000 hotels across nearly 100 countries. Its brands include InterContinental, Kimpton, Holiday Inn, Crowne Plaza, Hualuxe, Indigo, and Even.

Kimpton Hotels & Restaurants informed customers in late July that it had launched an investigation into a possible card breach. The investigation, completed roughly one month later, revealed that cybercriminals had installed malware on servers responsible for processing payment cards at restaurants and front desks.

The malware targeted card data, including number, expiration date, internal verification code and, in some cases, cardholder name. The malware was present on the hotel’s systems between February 16 and July 7, 2016.

InterContinental hotels were also caught up in a breach suffered earlier this year by HEI Hotels & Resorts. HEI informed customers in mid-August that 20 of the hotels it operates in the U.S. were affected by a security breach involving payment card information.

The hospitality sector has been increasingly targeted by cybercriminals. The list of major companies that recently admitted suffering a data breach includes Noodles & Company, Hard Rock Hotel & Casino Las Vegas, Trump Hotels, Millennium Hotels & Resorts and Omni Hotels.

Related: MICROS Hackers Targeted Five Other PoS Vendors

Related: Madison Square Garden Discovers Payment System Breach

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...