The InterContinental Hotels Group (IHG) has confirmed that 12 of its US-based hotels were hit with a data breach that saw hackers target payment card data. The confirmation comes a little over a month after the Holiday Inn parent company claimed that it was investigating claims of a potential breach, according to a report.
The hospitality giant said that payment cards used between August and December 2016, at restaurants and bars of the 12 hotels, were affected by the breach. The hackers infected the hotels' servers, which processed payment card data, with malware.
The malware searched for track data read from the magnetic strip of payment cards, including data such as cardholders' name, card number, expiration date, and internal verification code. The hotel chain claimed that the malware did not affect payment cards used at the front desk.
The hotel giant said in a statement, "IHG has been working with the security firms to review IHG's security measures, confirm that this issue has been remediated, and evaluate ways to enhance IHG's security measures. IHG has notified law enforcement and is working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring on the affected cards."
Properties affected include the InterContinental Chicago Magnificent Mile, the InterContinental San Francisco and Holiday Inn Resort – Aruba, Reuters reported. IHG also said that it is currently also investigating its other hotels in the Americas.
IHG has yet to clarify how many customers were affected by the breach and if the cybercriminals were successful in stealing any data.
IBTimes UKhas reached out to IHG for further clarity on the matter.