Breach Investigation at Holiday Inn Parent IHG

January 03, 2017//Ellen Neveux

Last Updated: June 29, 2018

While many were traveling the world getting ready to celebrate the holidays, fraud patterns were detected at several InterContinental Hotels Group (IHG) properties – including Holiday Inn.

KrebOnSecurity was the first to report the likely breach of the Denham, UK based hotelier. After prompting from Krebs, the company confirmed they were aware of a concerning number of credit and debit card fraud reports from customers and financial institutions.

IHG issued this statement in response to the events: “IHG takes the protection of payment card data very seriously. We were made aware of a report of unauthorized charges occurring on some payment cards that were recently used at a small number of U.S.-based hotel locations. We immediately launched an investigation, which includes retaining a leading computer security firm to provide us with additional support. We continue to work with the payment card networks.”

“We are committed to swiftly resolving this matter. In the meantime, and in line with best practice, we recommend that individuals closely monitor their payment card account statements. If there are unauthorized charges, individuals should immediately notify their bank. Payment card network rules generally state that cardholders are not responsible for such charges.”

IHG is an international enterprise with over 5,000 properties around the world. They own several popular hotel chains including Kimpton Hotels, Crowne Plaza, and Holiday Inn.

Rising trend of breaches
IHG is just the latest in a rising trend of credit card breaches at retail and hospitality enterprises over the past couple of years. As the company continues their investigation, we can only speculate about the cause of the breach. However, point-of-sale vendors have too often found themselves in the middle of many of these financial account incidents. This always calls into question how companies manage vendor access and prevention methods that could be utilized at the administrative level.

About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.

Subscribe to the SecureLink Blog.
close close