Data Breach Investigation at Holiday Inn Parent IHG

January 03, 2017//Tori Taylor

Last Updated: May 12, 2022

While many were traveling the world getting ready to celebrate the holidays, fraud patterns were detected at several InterContinental Hotels Group (IHG) properties – including Holiday Inn.

KrebOnSecurity was the first to report the likely data breach of the Denham, UK based hotelier. After prompting from Krebs, the company confirmed they were aware of a concerning number of credit and debit card fraud reports from customers and financial institutions.

IHG issued this statement in response to the events: “IHG takes the protection of payment card data very seriously. We were made aware of a report of unauthorized charges occurring on some payment cards that were recently used at a small number of U.S.-based hotel locations. We immediately launched an investigation, which includes retaining a leading computer security firm to provide us with additional support. We continue to work with the payment card networks.”

“We are committed to swiftly resolving this matter. In the meantime, and in line with best practice, we recommend that individuals closely monitor their payment card account statements. If there are unauthorized charges, individuals should immediately notify their bank. Payment card network rules generally state that cardholders are not responsible for such charges.”

IHG is an international enterprise with over 5,000 properties around the world. They own several popular hotel chains including Kimpton Hotels, Crowne Plaza, and Holiday Inn.


Rising Trend of Breaches in the Financial Services Sector

IHG is just the latest in a rising trend of credit card breaches at retail and hospitality enterprises over the past couple of years. As the company continues their investigation, we can only speculate about the cause of the breach.

However, point-of-sale vendors have too often found themselves in the middle of many of these financial data breaches. This always calls into question how companies manage vendor access and prevention methods that could be utilized at the administrative level.


About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.

close close