IHG Hack Hit Hospitality Guests in the Wallet

  /     /     /  
Publicated : 22/11/2024   Category : security


IHG Hack Hit Hospitality Guests in the Wallet


Malware on IHG servers sent credit card info to stay with thieves.



In December 2016, hotel conglomerate IHG announced a data breach that affected credit card transactions in restaurants and shops at approximately a dozen hotels. Last week, the company provided a bit of clarity on the word approximately: After further investigation, it seems that
customers at more than 1,000 hotels
might have been hit by credit card theft.
A Danish researcher, Christian Sonne,
walked through the list of affected hotels
and put the minimum number at 1,175. For customers, though, the issue might be less, how many hotels and more, how will this affect me?
Image: Creative Commons License by
teadrinker
In a report on the incident, researchers at Kaspersky Labs note that
the breach was due to malware
on the servers they use to process credit cards. The malware captured track data -- information on credit cards magnetic stripes, including the card number, expiration date and internal verification code.
IHG acknowledged that the breaches were active through at least December 29, 2016, though theres no certainty that the malware was eliminated until the breach was investigated in February and March of this year. The hospitality industry as a whole has been hit hard by breaches of this sort; in a blog post on the subject, security researcher
Brian Krebs wrote
, Hotel brands that have acknowledged card breaches over the last year after prompting by KrebsOnSecurity include Kimpton Hotels, Trump Hotels (twice), Hilton, Mandarin Oriental and White Lodging (twice). Card breaches also have hit hospitality chains Starwood Hotels and Hyatt.
Some commentators have criticized IHG for the website on which they list the properties known to have been affected by the breach. The location website asks users to walk through a number of
drop-down menus
in order to find the hotels in a particular city that were hit by the malware. The listing, while complete, can be cumbersome, especially for business travelers who might have stayed in a number of different properties during the time of the attacks.
In the announcement of the breaches, IHG notes that their new payment system makes the type of attack impossible and assures customers that all malware and traces of the attack have been removed from the IHG systems.
— Curtis Franklin, Security Editor,
Light Reading
. Follow him on Twitter
@kg4gwa
.

Last News

▸ New threat discovered: Mobile phone ownership compromised. ◂
Discovered: 23/12/2024
Category: security

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
IHG Hack Hit Hospitality Guests in the Wallet