InterContinental Hotels Group (IHG), the parent company for thousands of hotels worldwide including Holiday Inn, acknowledged Friday that a credit card breach impacted at least a dozen properties nationwide. News of the breach was first reported [krebsonsecurity.com] by KrebsOnSecurity more than a month ago.
In a statement [prnewswire.com] issued late Friday, IHG said it found malicious software installed on point of sale servers at restaurants and bars of 12 IHG-managed properties between August and December 2016. The stolen data included information stored on the magnetic stripe on the backs of customer credit and debit cards — the cardholder name, card number, expiration date, and internal verification code.
A list of the known breached locations is here [ihg.com]. IHG said cards used at the front desk of these properties were not affected.
According to IHG, we may not yet know the full scope of this breach: The company advised that its investigation into other properties in the Americas region is ongoing.
Source:
https://krebsonsecurity.com/2017/02/intercontinental-confirms-breach-at-12-hotels/ [krebsonsecurity.com]