Last week, InterContinental Hotels Group (IHG) announced it had suffered a data breach at multiple IHG-branded franchise hotel locations in the U.S. and Puerto Rico during the period of September 29, 2016 to December 29, 2016.
IHG did not disclose the exact number of properties impacted. To learn which properties were impacted, guests need to search for hotels that may have been impacted on IHG’s website.
It’s the second such data breach the company has revealed this year. The earlier breach, announced in February, impacted 12 hotels in the U.S. The company operates and manages hotel brands that include Holiday Inn, Holiday Inn Express, Candlewood Suites, Hotel Indigo, and InterContinental Hotels.
IHG said a cybersecurity investigation revealed that malware accessed payment card data from cards used on site at some of its franchisee-operated properties in the Americas, thereby generating unauthorized charges on those cards after being used at IHG front desks.
The company added that while there’s no evidence that unauthorized access to payment card data took place after December 29, confirmation that the malware was removed didn’t take place until the properties were investigated in February and March of this year.
IHG also noted that before this breach, many of IHG’s franchise-operated hotels had installed IHG’s Secure Payment Solution, a point-to-point encryption payment acceptance solution, and that those properties that had this technology prior to September 29 or shortly thereafter were not impacted by this most recent breach. Properties that had implemented SPS before September 29, 2016 were not affected.
IHG said that it also doesn’t believe any other guest information, other than cardholder names and numbers, was taken by the hack.
IHG isn’t the only hotel company to suffer from recent breaches of customer credit card data. Other hotel brands that have dealt with this recently include Trump Hotels, Hard Rock Hotels, Omni Hotels & Resorts, and Hilton Hotels.