Holiday Inn Parent Company Reports Massive Credit Card Data Breach

MOUNT KISCO, NY — InterContinental Hotels Group, a parent company of Holiday Inn, Crowne Plaza and Candlewood Suites and other hotels, has announced that more than 1,000 of its locations may have been subject to a breach of customer credit card information between Sept. 29 and Dec. 29, 2016. The breach was originally reported in February, but at that time the company said only about a dozen hotels were subject to the cyberattack.

There are three hotels in the Hudson Valley whose data was breached, between the following dates:

• Holiday Inn, One Holiday Inn Dr., Mount Kisco, Sept. 29, 2016 to Dec. 14, 2016.
• Holiday Inn, 68 Crystal Rd., Middletown, Sept. 29, 2016 to Dec. 20, 2016.
• Holiday Inn Express, 2750 South Rd., Poughkeepsie, Sept. 29, 2016 to Oct. 20, 2016.

The conglomerate discovered malware on its credit card processing systems tracked data from customers' transactions, including guests' names, credit card numbers, expiration dates and internal verification code. Customers who believe they may have been affected should check their credit card statements for unusual activity or fraudulent purchases.

IHG hired a cybersecurity firm to investigate the incident. While malware was not removed from the hotels' systems until the investigation in February and March of 2017, the group has found no evidence that any breaches occurred at Dec. 29. The group's hotels had begun moving to use Secure Payment Solutions, a program that encrypts customer credit card information, before the incident began.

[Get Patch’s Daily Newsletter and Real Time News Alerts here.]

If you've been a customer at one of the group's hotels during that time period and believe your credit card information might have been stolen, IHG has posted an easily searchable list of compromised hotels and the timeframes during which the information was vulnerable.

If you have questions, and reside in the United States, call 855-330-6367 from 8 a.m. to 8 p.m. ET, Monday to Friday. If you reside outside the United States, please call 800-290-9989 from 8 a.m. to 8 p.m. ET, Monday to Friday.

According to Krebs on Security, a cybersecurity blogger, the IHG's list of affected hotels include 1,175 locations out of 5,000 worldwide.

Companies across the globe, as well as governments, continue to struggle in the fight to keep data secure. In recent years, Yahoo suffered a massive breach of data for hundreds of millions of users. Home Depot and Target have both had credit card information stolen from millions of their customers. Even hospitals have been frequent targets of hackers looking for valuable personal information.

Written by Cody Fenwick (Patch National Staff) with additional reporting by Michael Woyton/Patch Staff.

Photo credit: Google Maps.