by Michael J. Shapiro | April 18, 2017
InterContinental Hotels Group has acknowledged unauthorized malware was found at a number of properties in the U.S. and Puerto Rico, potentially affecting credit cards used at the front desk between Sept. 29 and Dec. 29, 2016. The breach affected properties beyond the 12 company-managed hotels that IHG disclosed in February, where cards used at restaurants and bars might have been compromised. IHG did not reveal the number of impacted hotels this time; guests who believe they may have been affected by the breach can search for specific hotels here.
According to IHG, there is no evidence that unauthorized payment-card access occurred after Dec. 29; however, the company did not receive confirmation that malware was eradicated until the affected properties were investigated by a cybersecurity firm in February and March of this year. Hotels that had implemented IHG's Secure Payment Solution, which encrypts payment information, before Sept. 29 were not affected. Many hotels began using SPS after Sept. 29, which prevented any additional intrusions following implementation of the tool.
The compromised information might have included card numbers, expiration dates and internal verification codes, but there's no evidence to suggest any additional guest information was stolen. More information, such as what actions guests may take and any applicable state regulations, can be found at
Data breaches have become increasingly widespread and over the past few years have affected a number of hotel companies.