ALERT: InterContinental Hotels Group Confirms Data Breach (April 19, 2017)

April 19, 2017

InterContinental Hotels Group (IHG) confirmed another data breach late last week in an official statement. A list of affected IHG franchise locations and respective time frames, which may vary by location, is available here.

This latest breach occurred at more than 1,100 locations between September 29 and December 29, 2016. The hotel brands impacted include: Candlewood Suites, Crowne Plaza, Holiday Inn, Holiday Inn Express, Hotel Indigo, and Staybridge Suites.

In February, IHG announced a breach impacting credit cards used at the hotel bars and restaurants from August through December 2016.

According to Skift:

Last week, InterContinental Hotels Group (IHG) announced it had suffered a data breach at multiple IHG-branded franchise hotel locations in the U.S. and Puerto Rico during the period of September 29, 2016 to December 29, 2016.

IHG did not disclose the exact number of properties impacted. To learn which properties were impacted, guests need to search for hotels that may have been impacted on IHG’s website.

It’s the second such data breach the company has revealed this year. The earlier breach, announced in February, impacted 12 hotels in the U.S. The company operates and manages hotel brands that include Holiday Inn, Holiday Inn Express, Candlewood Suites, Hotel Indigo, and InterContinental Hotels.

Business Travel News reports:

The credit card breach that affected payment cards used at InterContinental Hotels Group properties last year hit a much broader swath of the company’s franchise portfolio than the 12 revealed back in February.

IHG issued a statement disclosing that cards used at IHG franchise locations in North America and Puerto Rico between Sept. 29, 2016, and Dec. 29, 2016, may have been affected by malware installed on front-desk payment systems at certain locations. IHG didn’t disclose which properties the breach targeted, but an online database of hotels that might have been affected includes more than 1,100 locations under the Holiday Inn, Holiday Inn Express, Staybridge Suites, Candlewood Suites, Crowne Plaza and Hotel Indigo brands.

The adoption of IHG’s Secure Payment Solution, a point-to-point-encryption payment-acceptance solution, halted the malware’s effectiveness at locations where it was installed last year, according to IHG. The company said investigations revealed no indication that guest information beyond cardholder name, card number, expiration date and internal verification code were affected.

Please contact the PR Team if you have any questions or concerns: TravelLeadersGroupPR@TravelLeaders.com.