InterContinental Hotels Group issued a statement notifying guests of data breaches at 12 properties throughout the United States from August to December 2016.

The company, which issued its statement February 3, said an investigation is ongoing, but based on what IHG knows so far, it appears that malware was installed on servers that processed payment cards used at the restaurants and bars of 12 IHG-managed hotels. Credit cards used at the front desks of these hotels were not impacted by the malware, the company says.

The malware on these servers searched for data about cardholder names, card numbers, expiration dates, and internal verification codes. A list of the affected restaurants and bars, along with the specific time frames for each is listed on IHG’s website.

Impacted restaurants and bars include Luce and Bar 888 at the InterContinental San Francisco, as well as the Michael Jordan’s Steak House & Bar at the InterContinental Chicago Magnificent Mile.

IHG said it is working with security firms and has notified law enforcement of the breach in an effort to enhance its data security going forward.

Guests or patrons who may have been affected by the breach are advised to contact their credit card issuers and to call the following number: 855-656-6586.

Photo Credit: The Luce Restaurant at the InterContinental San Francisco was one of a number of restaurants and bars at IHG-managed hotels in the U.S. that were impacted by a recent data breach. Luce Restaurant