In late December 2016, we revealed that IHG had hired a security consultant to investigate whether they had been subject of a data-breach. Now we can confirm that the data breach is verified by IHG themselves in a press release issued late last Friday.
IHG said it found malicious software installed on point of sale servers at restaurants and bars of 12 IHG-managed properties between August and December 2016.
ATLANTA, Feb. 3, 2017 /PRNewswire/ — IHG® values the relationship it has with its guests and understands the importance of protecting payment card data. On Dec. 28, 2016, IHG reported it was conducting an investigation after receiving a report of unauthorized charges occurring on some payment cards that were used at a small number of U.S. hotel properties. IHG hired leading cyber security firms to examine the payment card processing systems for the hotels that it manages in the Americas region. Based on the investigation, IHG is providing notification to guests who used their payment card at restaurants and bars of 12 company managed properties during the time periods from August 2016 – December 2016. An investigation of other properties in the Americas region is ongoing.
Findings show that malware was installed on servers that processed payment cards used at restaurants and bars of 12 IHG managed properties. Cards used at the front desk of these properties were not affected. The malware searched for track data (cardholder name, card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected server.
A list of the affected restaurants and bars, along with the specific time frames for each (times vary by location) is located at www.ihg.com/protectingourguests. The site also contains more information on steps guests may take to protect their information. It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of your payment card.
IHG has been working with the security firms to review IHG’s security measures, confirm that this issue has been remediated, and evaluate ways to enhance IHG’s security measures. IHG has notified law enforcement and is working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring on the affected cards. IHG also has established a dedicated call center to answer any questions affected guests may have.
For additional information about this incident, please visit the IHG website at www.ihg.com/protectingourguests.
A list of hotels from the release can be found here:
Restaurant Name(s) | Bar Name(s) | Hotel Address (Name) | Start Date | End Date |
|---|---|---|---|---|
Sevens Bar & Grill |
| 777 Bellew Drive, Milpitas, CA 95035 (Crowne Plaza San Jose-Silicon Valley) | 8/1/2016 | 12/20/2016 |
Bristol Bar & Grille |
| 1300 Columbus Avenue, San Francisco, CA 94133 (Holiday Inn San Francisco Fisherman's Wharf) | 8/1/2016 | 12/11/2016 |
Mari Los Angeles | Copper Lounge | 2151 Avenue of the Stars, Los Angeles, CA 90067 (InterContinental Los Angeles Century City) | 8/1/2016 | 12/20/2016 |
Knob Hill Club | Top of the Mark | 999 California Street, San Francisco, California 94108 (InterContinental Mark Hopkins) | 8/17/2016 | 12/15/2016 |
Luce | Bar 888 | 888 Howard Street, San Francisco, CA 94103 (InterContinental San Francisco) | 8/18/2016 | 12/15/2016 |
Southern Art Restaurant | Bourbon Bar | 3315 Peachtree Road NE, Atlanta, GA 30326 (InterContinental Buckhead Atlanta) | 8/1/2016 | 11/9/2016 |
Michael Jordan’s Steak House & Bar; Center Court | Eno | 505 N. Michigan Ave, Chicago, IL 60611 (InterContinental Chicago Magnificent Mile) | 8/1/2016 | 12/15/2016 |
Cafe Du Parc | Round Robin | 1401 Pennsylvania Avenue NW, Washington, DC 20004 (InterContinental The Willard) | 8/1/2016 | 12/2/2016 |
Sea Breeze Restaurant & Bar; Oceanside Bar & Grill; Da Vinci Ristorante; Corals Restaurant; Pizza Now! | Palm Bar | J. E. Irausquin Boulevard #230, Palm Beach, Aruba (Holiday Inn Resort – Aruba) | 8/1/2016 | 11/28/2016 |
Signatures Restaurant | Proof Vodka Bar; Sky Lounge | 220 Bloor Street West, Toronto, ON M5S1T8, Canada (InterContinental Toronto Yorkville) | 8/1/2016 | 11/28/2016 |
Trattoria Italiana; Caio Mediterranean; Akua; La Bodeguita | Q-Bar; Ottana Bar; SAK-I | 5961 Isla Verde Ave, Carolina, PR 00979 (InterContinental San Juan Resort & Casino) | 8/1/2016 | 11/28/2016 |
Restaurant at former Holiday Inn Nashville Airport |
| 2200 Elm Hill Pike, Nashville, TN 37214 (Holiday Inn Nashville Airport) | 8/1/2016 | 9/1/2016 |
If you have concerns about Data Loss in your business – consider a full-blown Data Loss Prevention or DLP solution.