Skip to main content

1,200 InterContinental hotels were breached by credit card stealing malware

1,200 InterContinental hotels were breached by credit card stealing malware

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Bob Woolmer Death Investigation Continues
Photo by Matt Cardy/Getty Images

InterContinental Hotels Group said earlier this year that about a dozen of its hotels had been infected with credit-card stealing malware — it turns out, the number was around 100 times that.

The hotel group, which operates Holiday Inn, Kimpton, and several other brands, has now released details on the broader scope of the security breach. “Approximately 1,200 IHG-branded franchise hotel locations in the Americas were affected,” a company spokesperson tells The Verge.

IHG says it doesn’t know how many customers’ information was stolen

And that number could be higher. KrebsOnSecurity, which broke news of this breach back in December, points out that IHG hasn’t inspected all of its hotels yet — some of its hotels are franchises, and it’s been reaching out to those locations asking them to take part in the investigation.

IHG confirmed that the investigation was ongoing in an email to The Verge, saying that a “small percentage” of franchises haven’t participated. The investigation is also still ongoing at some properties that are participating. The group says it has 3,925 hotels in the Americas.

IHG has published a look-up tool to let its guests see if a hotel they stayed at was breached. You can use the tool here. It’s pretty straightforward, presenting a list of affected hotels in whichever city you choose. IHG says it’ll add any additional locations to the list when its investigation wraps up.

The breach started at the end of September 2016 and continued to the end of December 2016, according to IHG. The hotel group says there’s no evidence the malware was active after December 29th, however it’s not positive that all the malware was actually removed until this March.

IHG is just telling affected customers to keep an eye on their bills

So far, IHG says there’s no evidence that the stolen credit card data has been used. But it says that stolen data may include “cardholder name in addition to card number, expiration date, and internal verification code,” which should be more than enough to put them to use.

IHG says it doesn’t know how many customers are affected. And it isn’t currently offering help to those who are affected, either. The company just says that guests should “remain vigilant to the possibility of fraud” by reviewing their card statements, which isn’t exactly a proactive solution.

These massive, chain-wide credit system breaches are increasingly common. Target and Home Depot were both hit with major breaches in the last few years. And KrebsOnSecurity points to limited breaches within Hilton, Hyatt, Starwood, and Trump Hotels, among others, in the recent past, too.

Today’s Storystream

Feed refreshed Two hours ago Striking out

Andrew WebsterTwo hours ago
Look at this Thing.

At its Tudum event today, Netflix showed off a new clip from the Tim Burton series Wednesday, which focused on a very important character: the sentient hand known as Thing. The full series starts streaming on November 23rd.

The Verge
Andrew Webster4:28 PM UTC
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.

Jay PetersSep 23
Twitch’s creators SVP is leaving the company.

Constance Knight, Twitch’s senior vice president of global creators, is leaving for a new opportunity, according to Bloomberg’s Cecilia D’Anastasio. Knight shared her departure with staff on the same day Twitch announced impending cuts to how much its biggest streamers will earn from subscriptions.

Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.

External Link
If you’re using crash detection on the iPhone 14, invest in a really good phone mount.

Motorcycle owner Douglas Sonders has a cautionary tale in Jalopnik today about the iPhone 14’s new crash detection feature. He was riding his LiveWire One motorcycle down the West Side Highway at about 60 mph when he hit a bump, causing his iPhone 14 Pro Max to fly off its handlebar mount. Soon after, his girlfriend and parents received text messages that he had been in a horrible accident, causing several hours of panic. The phone even called the police, all because it fell off the handlebars. All thanks to crash detection.

Riding a motorcycle is very dangerous, and the last thing anyone needs is to think their loved one was in a horrible crash when they weren’t. This is obviously an edge case, but it makes me wonder what other sort of false positives we see as more phones adopt this technology.

External Link
Ford is running out of its own Blue Oval badges.

Running out of semiconductors is one thing, but running out of your own iconic nameplates is just downright brutal. The Wall Street Journal reports badge and nameplate shortages are impacting the automaker's popular F-series pickup lineup, delaying deliveries and causing general chaos.

Some executives are even proposing a 3D printing workaround, but they didn’t feel like the substitutes would clear the bar. All in all, it's been a dreadful summer of supply chain setbacks for Ford, leading the company to reorganize its org chart to bring some sort of relief.

Spain’s Transports Urbans de Sabadell has La Bussí.

Once again, the US has fallen behind in transportation — call it the Bussí gap. A hole in our infrastructure, if you will.

External Link
Jay PetersSep 23
Doing more with less (extravagant holiday parties).

Sundar Pichai addressed employees’ questions about Google’s spending changes at an all-hands this week, according to CNBC.

“Maybe you were planning on hiring six more people but maybe you are going to have to do with four and how are you going to make that happen?” Pichai sent a memo to workers in July about a hiring slowdown.

In the all-hands, Google’s head of finance also asked staff to try not to go “over the top” for holiday parties.

External Link
Insiders made the most money off of Helium’s “People’s Network.”

Remember Helium, which was touted by The New York Times in an article entitled “Maybe There’s a Use for Crypto After All?” Not only was the company misleading people about who used it — Salesforce and Lime weren’t using it, despite what Helium said on its site — Helium disproportionately enriched insiders, Forbes reports.