Customers at risk over Holiday Inn Hack

Guests have been warned they could have had money stolen after the owner of the Holiday Inn and Crowne Plaza hotel brands has disclosed that 1,200 of its franchisees’ properties have suffered a malware attack on its card payment system. The UK-based Intercontinental Hotels Group has said all but one of the locations affected were in the US, with the other being in Puerto Rico.

However there might be further hotels affected after Buckinghamshire-based IHG had previously reported in February that a dozen US hotels that it managed itself had been affected by the same attack.


“Payment card network rules generally state that cardholders are not responsible for such charges.”

Other affected brands include Hotel Indigo and Candlewood Suites.

IHG said an investigation had detected signs the malware had been active at front-desk payment locations at the hotels between 29 September and 29 December 2016. However, it only has confirmation that the threat was definitely eradicated last month.

The attack hijacked information taken from the payment cards’ magnetic strips as it was being routed through the hotels’ computer servers, said the hotel group.

IHG does not believe other guest information was stolen.

It has published a tool for visitors to check if hotels they stayed at are among those affected.

Original source BBCNews