Massive hotel payment breach spurred by malware at front desks

The latest major, large-scale payments breach is one affecting Holiday Inn and other chains that fall under the InterContinental Hotels Group banner. That company is a major player in the hotel market, with Computerworld reporting more than 5,000 individual locations in 100 countries, along with at least eight lodging brands in its portfolio. With 1,175 locations affected by the breach of customer payment data, more than one in five of the organization's total holdings were affected.

The extent of the breach

"1,175 locations were affected by the breach of customer payment data."

Computerworld said cybercriminals targeted point-of-service software at the front desks of the hotels, using malware installed in those systems to access customers' payment information. The breach was first brought to the attention of the international hotel group in late 2016, according to industry journalist Brian Krebs.

The breach stretched from late September 2016 through late December of the same year, a statement from the hotel group said. While the business has no evidence of data being taken after the new year began, some hotels didn't have the malware removed from their systems until February and March. The breach stretched across the country, including nearly all U.S. states, the District of Columbia and Puerto Rico. States with the highest numbers of hotels affected included Texas, with 163, California, with 64, Florida, with 61, and Indiana, with 53, Computerworld said.

The investigation isn't and may not ever provide a complete accounting, as InterContinental Hotels Group cannot force franchisees to take part in the investigation and some declined to participate.

Krebs noted 2016 was an unfortunately busy year for hotels and payment data breaches, with nine major chains suffering their ill effects. In particular, Trump Hotels and White Lodging each had to deal with two separate breaches during the year. The common thread running through most of those incidents was the focus on the front desk and its payment systems. Similar to the InterContinental Hotels Group incident, hackers introduced malware into point-of-service systems and then captured the valuable and sensitive payment information.

A focus on safe and secure credit card payment software is vital for businesses of all sizes. The many negative consequences associated with a payment data breach are often hard to overcome, from reputational damage to a decline in customers visiting your business. To learn more about effective card payment processing security, talk to 911 Software today.

Scroll to Top