14 DAY TRIAL // The data breach that affected the InterContinental Hotels Group a while back is far worse than originally thought, affecting thousands and thousands of visitors.
Back in February, InterContinental Hotels Group (IHG) announced they had suffered a data breach in late December 2016. Originally, they said it was a minor problem, having impacted only 12 IHG-managed properties.
Soon after, IHG called for help from cybersecurity professionals to sort out the mess. Their findings indicate a much deeper and worse problem. Attackers had apparently been able to install malware on the servers handling the payment card processing. This resulted in attackers gathering loads of data like cardholder names, card numbers, internal verification codes, which enabled them to clone cards and make fraudulent payments.
Customers had been notified of the problem and this was thought to be the end of the problem. But then researchers found that the problem didn't just affect 12 properties of the IHG. Instead, the malware was "designed to access payment card data from cards used onsite at front desks at properties between September 29 and December 29, 2016," they said.
More widespread than originally thought
"Before this incident began, many IHG-branded franchise hotel locations had implemented IHG’s Secure Payment Solution (SPS), a point-to-point encryption payment acceptance solution. Properties that had implemented SPS before September 29, 2016 were not affected. Many more properties implemented SPS after September 29, 2016, and the implementation of SPS ended the ability of the malware to find payment card data and, therefore, cards used at these locations after SPS implementation were not affected," they said.
The problem is that, when checking their location list, only a few of them had SPS implemented before that date. Another group of locations had the problem fixed by the end of October, but for most, the problem ended in late December. This is probably why they're not even giving numbers right now, since this is an issue that affected so many locations.
IHG is not the first, nor will it be the last hotel group to suffer from hacker activity. It is best, however, to make sure to stay vigilant if you've visited any of their locations in the period they were affected by this malware. You can check their locations yourself, by selecting the state you were in and the city. Report any unauthorized charges to your card issuer if you detect any issues.