14 DAY TRIAL // The InterContinental Hotels Group (IHG) is believed to have suffered a new breach that compromised the company’s payment systems at a number of locations in the United States, possibly exposing the credit card details of an unknown number of customers.
KrebsOnSecurity reports that IHG is already aware of a potential breach and says it’s currently investigating information that it received to determine whether any credit card data was compromised.
Holiday Inn and Holiday Inn Express hotels seem to be two of the locations that were targeted, as attackers managed to install malware on Point-of-Sale (POS) systems and then steal credit and debit card data while payments were processed.
“IHG takes the protection of payment card data very seriously. We were made aware of a report of unauthorized charges occurring on some payment cards that were recently used at a small number of U.S.-based hotel locations. We immediately launched an investigation, which includes retaining a leading computer security firm to provide us with additional support. We continue to work with the payment card networks,” the IHG was quoted as saying.
Investigation under way, customers must monitor bank statements
At this point, it’s hard to estimate how many customers could be impacted by this breach, but given the fact that these are two of the largest locations in the United States, the number of credit cards that might have been exposed is likely to be substantial.
IHG says the only recommendation it can offer right now is for its customers to monitor their card activity and report any unauthorized payments to banks.
This isn’t the first time when the InterContinental Hotels Group suffers this kind of breach, as earlier this year, a similar attack was discovered on POS devices used by Kimpton Hotels, also part of the same company.
Malware installed on payment systems between February and July was used to steal credit card information, including the security code, names, and cardholder names, which then allowed to make purchases and unauthorized payments.