UK-based hotel group InterContinental (IHG), the world’s second largest hospitality business, has discovered that the malware attack it suffered in autumn 2016 has affected more than a fifth of its 5000 plus properties – rather than the mere dozen or so it initially announced in February. The attack infected cash registers with malicious malware designed to steal customer debit and credit card data.
IHG was quick to claim that rapid implementation of its Secure Payment Solution (SPS) has limited the damage and that the malware has been eradicated across its estate – which includes Holiday Inn, Crowne Plaza, Kimpton and Staybridge Suites. However, according to cybersleuth Brian Krebs, some of InterContinental’s franchises have so far declined the offer of a forensic health check, meaning the true number could be much higher. Customers have been advised to check their payment card statements for any rogue activity.
These types of hacks are by no means rare, in recent years many hotel chains have been the targets of malware designed to filch sensitive credit card information from guests. Interestingly, Trump Hotels is one of several other high-profile hospitality chains to attract unwelcome attention from hackers in recent times. We wonder why.