Intercontinental Hotels Group confirms second credit card breach

Malware skimmed customer data from systems

Hotel

Intercontinental Hotels Group (IHG) has suffered a second breach of its payment card systems, the company admitted. 

It said in a notification that the breach happened in some hotels between 29 September and 29 December 2016. It said it had hired a cyber security firm to investigate the breach, which "identified signs of the operation of malware designed to access payment card data from cards" used on site at front desks at certain hotels.

Advertisement - Article continues below

It added that there was no evidence of payment card data being accessed after 29 December, but cautioned that it couldn't confirm the eradication of the malware until investigations began in February and March of this year.

The hotel chain said the malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic strip of a payment card as it was being routed through the affected hotel server. "There is no indication that other guest information was affected," it said in a statement.

The hotel chain had suffered a breach earlier in the year. This breach not only affected its hotels but also bars and restaurants at hotels, such as the Knob Hill Club and Michael Jordan's Steak House and Bar at Intercontinental Chicago. 

Advertisement
Advertisement - Article continues below

It also published a list of affected operations and times they were breached in a separate web page. The list features over a thousand hotels affected by the malware.

Advertisement - Article continues below

The chain has now deployed point-to-point encryption payment in a bid to prevent malware from searching systems for card data. The hotel affected by the breach had not previously implemented this security measure.

In addition, a subsidiary of Intercontinental Hotels, Kimpton Hotels, is fighting a class action lawsuit over allegations that the chain failed to adequately protect guests' payment card data and other personal information.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/malware/355093/evasive-malware-threats-are-surging
malware

Evasive malware threats doubled in 2019

24 Mar 2020
Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

2 Mar 2020

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020