Holiday Inn admits credit card-stealing malware hit 1200 locations

Customers affected made payments between September 29, 2016 and December 29, 2016.

Hotel operators have become popular targets because they are easier to breach than other businesses that store credit card numbers as they have limited knowledge in defending themselves against hackers, said Itay Glick, chief executive of Israeli cyber-security company Votiro. It's pretty straightforward, presenting a list of affected hotels in whichever city you choose.

The data breach was discovered on December 28, 2016 after clients reported unauthorised, fraudulent charges on cards previously used at a number of United States hotels owned by the hotel giant.

"The investigation identified signs of the operation of malware created to access payment card data from cards used onsite at the front desk at certain IHG-branded franchise hotel locations". IHG says it'll add any additional locations to the list when its investigation wraps up.

The page also contains a caveat that a "small percentage of IHG-branded franchise properties did not participate in the investigation", which is definitely not enough information. IHG said the number of affected customers is unknown.

InterContinental Hotels Group PLC (LON:IHG)'s stock had its "hold" rating reissued by equities research analysts at Deutsche Bank AG in a report released on Friday.

More news: Diet Soft Drinks Triple The Risk of Dementia

So far, IHG says there's no evidence that the stolen credit card data has been used. The breaches are believed to have occurred from September through December 2016.

It is unclear exactly how many IHG customers were affected by the data breach.

IHG has admitted that 1,200 of its hotels across the U.S. and Puerto Rico have been hit by the malware, which has grabbed data from cards including cardholders' names, credit card numbers, expiration dates and security codes. "Law enforcement has also been notified", said an IHG statement.

A cyber security firm IHG hired to examine its payment card processing systems discovered malware that searches for data on the magnetic stripe of payment cards as they are being routed through hotel servers.

In a lengthy missive on Friday, the group explained that an unspecified number of IHG hotels run as franchises were affected between September 29 and December 29 a year ago.

IHG recommends guests remain vigilant to the possibility of fraud by reviewing payment card statements for any unauthorized activity and reporting such activity to the card issuer.

Edition: