Guests who stayed at Holiday Inn, Holiday Inn Express or other InterContinental Hotel Groups properties in the final months of 2016 may have had their credit card data stolen by hackers, the hotel chain announced last week.
The breach was first reported in December. InterContinental Hotel Groups, the parent company of Holiday Inn, Holiday Inn Express, Crowne Plaza Hotels & Resorts among other brands, initiated an investigation into the breach.
“The investigation identified signs of the operation of malware designed to access payment card data from cards used onsite at front desks for certain IHG-branded franchise locations between September 29, 2016 and December 29, 2016,” the company announced.
According to ComputerWorld, 1,174 hotels in the United States were breached, including 163 in Texas, 64 in California, 61 in Florida, 49 in North Carolina, 38 in Georgia, 19 in South Carolina, 10 in Washington and four in Idaho. You can search for a specific hotel here.
IHG said “a small percentage” of properties did not participate in the investigation and the investigation is “still being completed” at some properties.
“The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification cord) read from the magnetic stripe of a payment card as it was being routed through the affect hotel server,” the company said. “There is no indication that other guest information was affected.”