Graham Cluley wrote:In a statement issued by IHG, which oversees 12 hotel brands including InterContinental Hotels & Resorts, Holiday Inn, Crowne Plaza, Kimpton, and Staybridge Suites, the company explained that malware stole guests’ payment card details as they paid for their accommodation at the front desk of hotels across America and Puerto Rico:IHG Hotel Group wrote:“Although there is no evidence of unauthorized access to payment card data after December 29 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017. Before this incident began, many IHG-branded franchise hotel locations had implemented IHG’s Secure Payment Solution (SPS), a point-to-point encryption payment acceptance solution. Properties that had implemented SPS before September 29, 2016 were not affected. Many more properties implemented SPS after September 29, 2016, and the implementation of SPS ended the ability of the malware to find payment card data and, therefore, cards used at these locations after SPS implementation were not affected.”
“The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. There is no indication that other guest information was affected.”
As IHG explains in its statement, it began its investigation back in February. Back then the company admitted a data breach had occurred – but believed that it had only impacted the payment card systems at 12 IHG-managed properties.
More on this story can be found here.
Let's discuss below!
