InterContinental Hotels Suffers Cyberattack

British owner of Holiday Inn and Crowne Plaza – InterContinental Hotels Group – confirms “unauthorised access” to systems

InterContinental Hotels Group (IHG) has admitted its computer network has been hacked, but it is not clear at this stage what data has been compromised.

The admission from the British hospitality giant, which owns 6,028 hotels in more than 100 countries, including well known hotel chains such as Holiday Inn, InterContinental, Regent, and Crowne Plaza, came in a filing with the London Stock Exchange.

And it should be noted that this is not the firm time the group has been compromised. In April 2017, IHG confirmed the method used by hackers to steal customer payment card details from around 1,200 of its franchised properties.

IHG cyberattack

Five years ago the group found that between September and December 2016, malware had infected the cash registers at a number of its hotels worldwide, and siphoned off information read on the magnetic strips of payment cards as it was routed through the servers of the hotels.

IHG at the time warned that gusts of its hotels may have had their money stolen as a consequence of the malware attack, given that the information stolen could have included card numbers, verification codes and expiration dates; essentially all the information needed to authorise a payment.

Now in 2022, IHG has been more circumspect about the details of the latest breach, when it confirmed to the London Stock Exchange on Tuesday that it has “been subject to unauthorised activity.”

“IHG’s booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing,” it said. “IHG has implemented its response plans, is notifying relevant regulatory authorities and is working closely with its technology suppliers. External specialists have also been engaged to investigate the incident.”

“IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident,” it said. “We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG’s hotels are still able to operate and to take reservations directly.”

The group said that a further update will be provided “as and when appropriate.”

Ransomware attack?

While there is no confirmation about what type of cyberattack took place, the fact that IHG mentioned that it is “working to fully restore all systems as soon as possible” may suggest a ransomware attack.

Hotels have suffered a number of high profile cyberattacks in the past decade.

In 2015 hotel chain Hilton revealed that some of its payment systems had been infected with malware that organised the theft of targeted customer information.

But perhaps the most famous hotel cyberattack was against Marriott International.

The “colossal” hack on Marriott International was first revealed to the world back in December 2018, and it affected the personal details and payment card data on up to 340 million people – dating right back to 2014.

The data breach happened when the systems of the Starwood hotels group were compromised in 2014.

Marriott subsequently acquired Starwood in 2016, but the exposure of customer information was not discovered until 2018.

In July 2019 Marriot was handed a £99 million fine by the UK data protection watchdog.

And to make matters worse, in April 2020, Marriott confirmed it had suffered a second data breach, that had compromised the personal data of roughly 5.2 million guests around the world.