Holiday Inn and Holiday Inn Express May Have Been Breached; Check Your Charges
January 12, 2017
InterContinental Hotels Group (IHG) reported recently that they are investigating a possible data breach at some of their brands. Specifically affected are Holiday Inn and Holiday Inn Express locations, but Crowne Plaza, Staybridge Suites, and Candlewood Suites may also be included. It isn’t known what specific details were accessed, but payment card information of some kind is part of this.
It is advised that anyone using a payment card at the hotels or at retail locations including restaurants in any IHG property be especially diligent at checking payment card statements. If anything looks suspicious, report it right away to the card issuer. While consumers have limited responsibility with regard to fraudulent charges on their cards, it is still up to them to report suspicious charges within a reasonable amount of time. That typically means within 30 days. The sooner these are resolved, the less expensive for the consumer as well as the financial institutions.
Usually breaches like this happen when malware is installed on the point-of-sale (POS) machines in the retail locations. That can happen several ways:
Someone clicks a phishing link or opens an attachment with malware included in it.
A system is not updated with the latest patches and a cyber criminal takes advantage of a vulnerability to get inside the network.
A third party gets access to administrator login credentials.
POS malware has been responsible for many breaches lately included the infamous Target breach, as well as Home Depot. More recently this group included CiCis Pizza, Eddie Bauer, Wendy’s, and Noodles & Company. Other hotel chains that have been hit with it recently include, HEI Hotels, which runs many Omni, Marriott, and Hyatt locations as well as other chains, Hilton, Starwood, and Trump Hotels.
IHG has issued a statement that they are committed to quickly resolving this matter and are continuing to work with the payment card networks. They also have hired a top outside security firm to help investigate.
© Copyright 2017 Stickley on Security
