1,200 hotel chains worldwide affected by malware data breach
debit or credit card details are exposed

1,200 hotel chains worldwide affected by malware data breach

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

InterContinental Hotels Group (IHG) originally believed that 12 of their properties were compromised from the data breach, but it now transpires that approximately 1,200 IHG hotels are affected.

On the 19th April 2017, IHG released new information in regards to the data breach. The information shows that the cyber-attack’s consequences were far worse than originally thought.

The data breach led to the theft of hotel guests credit card information.

Which hotels are affected?

In February 2016, the IHG admitted to the data breach where cyber-attacker(s) compromised payment systems at IHG chains in multiple locations worldwide. IHG is a parent company of hotel chains including Crowne Plaza, Holiday Inn in the U.K., Candlewood Suites, and Kimpton Hotels and Resorts are other hotel chains that are also in the mix.

When the breach was first discovered

According to the conglomerate, the data breach was discovered on the 28th December 2016. The data breach was thought to be discovered as several clients reported unauthorised and fraudulent charges on their credit cards previously used at some of the U.S. hotel chains owned by IHG.

IHG’s response

After the breach, IHG released a written response to what had happened. In order to have a thorough investigation, the IHG hired a cybersecurity firm on behalf of the hotel chains to examine the payment card processing systems in the U.S. region. Following the investigation, it gave indications that malware designed to access payment card data from cards was used.

They note that, although there was no evidence that card details were accessed after the 29th December 2016, IHG received confirmation that the malware hadn’t been wiped until their investigations in February and March 2017.

IHG hotels implemented what they call a ‘Secure Payment Solution’ (SPS), which is reportedly fully encrypted. The hotels that used the SPS before 29th September 2016 weren’t affected. Since 29th September, many other hotels implemented the SPS system, and this ended the ability of the malware to find payment card data. Those cards used at the locations after the SPS was implemented were also not affected.

The malware allowed data to be searched – i.e. the cardholder’s name, card number, expiration date, and internal verification code – which was gathered through the magnetic stripe of the payment cards as they were being used on the hotel server.

A list of the affected hotels can be found here:

The IHG reminds affected guests to “remain vigilant” with the possibility of fraud on the horizon. They advise that all guests should review their payment card statements in the event of fraudulent activity.

IHG are reassuring their guests that they’re “working closely with the payment card networks as well as the cybersecurity firm to confirm that the malware has been eradicated.” They’ve also noted that they’re looking at new ways for the hotels to enhance their cybersecurity, but have yet to detail what these new ways are.

A little too late?

IHG advised all of its guests to remain vigilant. However, I believe it’s a little too late for some. They should’ve given that some thought when they failed to protect their systems which allowed the cyber-attack to take place.


Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon