InterContinental Hotels Group (IHG) has confirmed that a credit card breach impacted at least a dozen properties between August and Dec. 2016.
The hotel conglomorate, which owns over 5,100 properties across several brands, acknowledged in a Feb 3. statement that investigations found " that malware was installed on servers that processed payment cards used at restaurants and bars of 12 IHG managed properties."
Though IHG owns several global brands including Kimpton Hotels, Hotel Indigo, EVEN Hotels, and Candlewood Suites, the breach only affected properties under the Holiday Inn Hotels & Resorts, Crowne Plaza Hotels & Resorts and InterContinental Hotels & Resort brands.
The stolen data included information such as the cardholder’s name, card number, expiration date, and internal verification code – all stored on the magnetic stripe on the backs of customer credit and debit cards. But the hotel group has confirmed that cards used at the front desk of hotels however were not affected.
IHG has provided a list of the affected restaurants and bars along with the specific time frames for each location.
The investigation is ongoing in the Americas region.
To customers who have recently stayed at an IHG property, the company is advising that guests “remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner."
In the past several months, other hotels have acknowledged security breaches. Hilton Hotels confirmed a wave of card security breaches at hotel restaurants and gift shops in 2015. And in July 2016, IHG's Boutique hotel group Kimpton investigated reports of possible credit card breaches at several properties.