InterContinental Data Breach Expands From 12 to 1,200 Hotels
InterContinental Hotels Group (IHG) has released new information on a data breach that shows the cyberattack's consequences are far worse than originally believed.
In February, the hotel chain parent company, which includes brands such as Crowne Plaza, Holiday Inn, Candlewood Suites, and Kimpton Hotels and Resorts, among others, admitted to a data breach first discovered in late December last year.
The company first asserted that the compromise was rather minor, having only impacted 12 IHG-managed properties.
However, IHG immediately called in reinforcements in the form of cybersecurity professionals to investigate the problem. The team discovered that attackers were able to install malware on the servers that the hotels' payment card processing systems relied upon, which in turn slurped up information contained in credit card tracks such as cardholder names, card numbers, and internal verification codes — all of which could be used to clone cards and make fraudulent payments.