InterContinental Hotel Group Breach
• A breach on the card payment systems of a major hotel chain are larger than expected. In February 2017 it was reported that the InterContinental Hotel Group had experienced breaches on 12 of its hotels. IHG are now reporting that many more such breaches at its locations, possibly upwards of a 1000.
• The hotel giant has released a finder tool on its website listing all of the affected IHG locations. The tool shows 50 US states and one location in Puerto Rico. While the full number has not yet been counted, Brian Krebs, the investigative journalist who first broke the story, reckons that there could be more than 1000 locations affected.
• IHG runs over 5000 hotels across 100 countries and plenty of brands including Holiday Inn and Crowne Plaza hotels, making it a major hotelier.
• A statement released on the hotel’s website says that the malware, which infected the hotels’ card payment systems, was identified between 29 September and 29 December 2016.
• The statement adds that “there is no evidence of unauthorised access to payment card data” after 29th December, it still took until March 2017 to ensure that the malware had been completely expunged from the systems.
• The company’s statement notes that many IHG locations had implemented “a point to point encryption payment” solution. Those that had done so before September 2016, were not affected by the breach and many more did so after the breach. The implementation of the solution effectively ended the ability of the malware to steal data.