Cyber Incident Victim: InterContinental Hotels Group PLC
Date:
Dec 2016
Location:
United States of America
Summary
InterContinental Hotels Group (IHG) investigated potential unauthorized credit card activity affecting certain U.S. properties, primarily Holiday Inn and Holiday Inn Express locations, following reports from financial institutions about fraudulent charges on customer payment cards. The company acknowledged the probe, emphasizing its commitment to payment card security after receiving alerts regarding suspicious transactions. The incident mirrored broader hospitality sector vulnerabilities involving card data compromises, though specific technical causes or confirmed breach details remained under investigation at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late December 2016, InterContinental Hotels Group (IHG) launched an investigation into potential credit card breaches affecting select U.S. properties under its Holiday Inn and Holiday Inn Express brands. The inquiry followed reports from multiple financial institution fraud prevention teams, which had identified a pattern of unauthorized transactions on customer credit and debit cards traced back to stays at IHG-affiliated locations. KrebsOnSecurity initially documented these concerns after receiving consistent alerts from banking sector sources about compromised payment cards. IHG publicly acknowledged the probe through a corporate spokesperson, confirming they had been notified about fraudulent charges potentially linked to their systems. The company emphasized its serious approach to payment card security but did not disclose the number of affected properties, estimated timeframe of exposure, or specific geographic locations involved. Initial evidence pointed to point-of-sale system compromises, though IHG did not confirm whether malware infiltration or other attack vectors caused the suspected breach. This incident occurred amidst ongoing challenges for the hospitality sector, which frequently experiences card breaches due to high transaction volumes and historically fragmented security implementations across franchise locations.
IHG's response centered on coordinating with cybersecurity forensic experts to assess payment processing systems while maintaining standard corporate communications about taking the matter seriously. The company refrained from releasing technical details about the suspected breach mechanism or potential data exfiltration methods during the initial investigation phase. Financial institutions continued monitoring card transaction patterns to identify additional compromised accounts, with some banks proactively reissuing cards flagged for suspicious activity at IHG properties. The incident highlighted persistent vulnerabilities in hotel payment systems despite industry-wide adoption of EMV chip card technology, which had reduced counterfeit card fraud but not eliminated risks from malware-infected point-of-sale devices. IHG's corporate structure, encompassing thousands of franchised and managed properties worldwide, complicated centralized security oversight at the time of the incident. No further public updates regarding investigation findings or confirmed data compromise were released in the immediate aftermath of the initial disclosure.