In February we told you that InterContinental Hotels Group (IHG) announced that malware was discovered on the servers at 12 of its hotels in North America. Now, the company has reported that approximately 1,200 IHG-branded franchise locations may have been affected. Travelers who used cards at the locations identified here on IHG's website should stay alert to fraudulent charges in their accounts.
The data breach occurred between September 29th and December 29th, 2016. The company reports that there is no evidence of unauthorized access to payment card data after this time period, however, confirmation of the malware's removal did not occur until March of this year and a few franchise locations are still being investigated.
IHG has reported that the malware searched for information known as "track data", which includes cardholder name, card number, expiration date, and verification code. Data was taken from the card's magnetic stripe of a card as it was sent through the infected server.
Data breaches seem to be commonplace today. It's good to always be vigilant about monitoring your accounts and your credit reports, and to take steps to minimize your exposure to data fraud and malware. Travel and Transport's guide, "6 ways to protect yourself against a data breach" is a good place to start.
In addition, IHG has published the following tips for travelers who believe they may have been affected by this data breach:
We recommend that you remain vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows:
Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
Experian, PO Box 2002, Allen, TX 75013, www.experian.com, 1-888-397-3742
TransUnion, PO Box 2000, Chester, PA 19016, www.transunion.com, 1-800-916-8800
If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:
Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft
IHG's hotel brands include InterContinental Hotels & Resorts, Kimpton Hotels & Restaurants, Hotel Indigo, EVEN Hotels, HUALUXE Hotels and Resorts, Crowne Plaza Hotels & Resorts, Holiday Inn Hotels & Resorts, Holiday Inn Express, Staybridge Suites and Candlewood Suites.
Their website contains all of the latest updates on the situation, including what is being done to address the issue and steps that affected guests should take to safeguard their data. Click here for the latest updates.