Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
Owners of Holiday Inn and Crowne Plaza suffer huge cyber attack
The giant hoteliers InterContinental Hotel Group (IHG) have issued their worrisome findings after conducting an internal investigation into their hotels.
The huge company – owners of popular hotel chains Holiday Inn and Crowne Plaza – began their investigation when malicious software was detected on their front desk systems late last year. Whilst the breach into their systems were detected as early as 29 September 2016, traces of the malware is suspected to have remained until March of this year.
Having breached the company’s customer database, the malware managed to access and obtain the following information:
Armed with these details, the data thieves could easily be able to access or even directly steal money from cardholders without ever needing to physically look at the card!
The breach was first identified in December when experts identified a number of breaches at hotels. The experts noticed patterns and recognised that malware may have been used to target hotels. A month later, IHG told the reporters of the breach that only a dozen of their hotels were affected.
In fact, the total number of hotels affected is almost 100 times the number IHG first stated. Some 1,175 hotels were identified to have been affected by the malware. Now imagine how many guests each hotel must have accommodated? This breach potentially involves millions of customers. Although IHG has around 5,000 hotels across 100 countries, Computer World reported that all of the hotels affected were either in the U.S., Canada, or Puerto Rico.
You may recognise famous brands IHG owns, including:
Whilst the U.K. is reportedly not affected, if you have stayed in an IHG hotel whilst abroad in the U.S., Canada, or Puerto Rico, it’s definitely worth checking your bank account for any suspicious activity.
IHG issued the following statement:
“The Investigation identified signs of the operation of malware designed to access payment card data from cards used onsite at front desks for certain IHG-branded franchise hotel locations between September 29, 2016 and December 29, 2016. Although there is no evidence of unauthorized access to payment card data after December 29. 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017.“
IHG offers little else about how the payment systems were attacked in the first place. It’s not yet known if IHG was subject to a hacking or if perhaps a receptionist clicked on some malicious software. For most guests, which is a lot, the key question is probably “which specific hotels are affected“? IHG has created a webpage whereby the searcher clicks on the country, state, and city to see which hotels were affected. For frequent travellers who have visited more than one of IHG’s hotels, the site offers no alternative for a quicker mass search.
Due to the nature of hotel usage, whilst the location of the affected hotels remain in the U.S., Canada and Puerto Rico, thousands of guests could easily be from abroad and may not even be aware of the breach. There is no indication from the IHG that they have notified the affected customers, so we advise if you suspect you have visited one of the affected hotels, check your bank account now and contact your bank.
Since the majority of the IHG hotels are franchise brands and not directly owned by IHG, some hotels aren’t taking part in the investigations. Some others are apparently still in the midst of conducting theirs. As data controllers of such sensitive information, the hotels should take steps to ensure their security measures are intact. For the unfortunate ones who have had their defences breached, action needs to be taken.
The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.