InterContinental Hotel Group reveals thousands of guests had their credit card details stolen
data breach compensation for card skimming

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

InterContinental Hotel Group reveals thousands of guests had their credit card details stolen

Owners of Holiday Inn and Crowne Plaza suffer huge cyber attack

The giant hoteliers InterContinental Hotel Group (IHG) have issued their worrisome findings after conducting an internal investigation into their hotels.

The huge company – owners of popular hotel chains Holiday Inn and Crowne Plaza – began their investigation when malicious software was detected on their front desk systems late last year. Whilst the breach into their systems were detected as early as 29 September 2016, traces of the malware is suspected to have remained until March of this year.

What information was stolen?

Having breached the company’s customer database, the malware managed to access and obtain the following information:

  • Cardholder names;
  • Credit card numbers;
  • Expiration dates;
  • Security codes.

Armed with these details, the data thieves could easily be able to access or even directly steal money from cardholders without ever needing to physically look at the card!

Playing it down

The breach was first identified in December when experts identified a number of breaches at hotels. The experts noticed patterns and recognised that malware may have been used to target hotels. A month later, IHG told the reporters of the breach that only a dozen of their hotels were affected.

If only…

In fact, the total number of hotels affected is almost 100 times the number IHG first stated. Some 1,175 hotels were identified to have been affected by the malware. Now imagine how many guests each hotel must have accommodated? This breach potentially involves millions of customers. Although IHG has around 5,000 hotels across 100 countries, Computer World reported that all of the hotels affected were either in the U.S., Canada, or Puerto Rico.

You may recognise famous brands IHG owns, including:

  • Holiday Inn;
  • Holiday Inn Resort;
  • Holiday in Express;
  • Crowne Plaza;;
  • Hotel Indigo;
  • InterContinental;
  • Kimpton;
  • Staybridge Suites;
  • Candlewood Suites.

Whilst the U.K. is reportedly not affected, if you have stayed in an IHG hotel whilst abroad in the U.S., Canada, or Puerto Rico, it’s definitely worth checking your bank account for any suspicious activity.

IHG issued the following statement:

The Investigation identified signs of the operation of malware designed to access payment card data from cards used onsite at front desks for certain IHG-branded franchise hotel locations between September 29, 2016 and December 29, 2016. Although there is no evidence of unauthorized access to payment card data after December 29. 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017.

IHG offers little else about how the payment systems were attacked in the first place. It’s not yet known if IHG was subject to a hacking or if perhaps a receptionist clicked on some malicious software. For most guests, which is a lot, the key question is probably “which specific hotels are affected“? IHG has created a webpage whereby the searcher clicks on the country, state, and city to see which hotels were affected. For frequent travellers who have visited more than one of IHG’s hotels, the site offers no alternative for a quicker mass search.

You may have been affected

Due to the nature of hotel usage, whilst the location of the affected hotels remain in the U.S., Canada and Puerto Rico, thousands of guests could easily be from abroad and may not even be aware of the breach. There is no indication from the IHG that they have notified the affected customers, so we advise if you suspect you have visited one of the affected hotels, check your bank account now and contact your bank.

Since the majority of the IHG hotels are franchise brands and not directly owned by IHG, some hotels aren’t taking part in the investigations. Some others are apparently still in the midst of conducting theirs. As data controllers of such sensitive information, the hotels should take steps to ensure their security measures are intact. For the unfortunate ones who have had their defences breached, action needs to be taken.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon