Hackers breach Intercontinental hotel servers, steal customer data

Hackers breach Intercontinental hotel servers, steal customer data

Hackers breach Intercontinental hotels servers, steal customer data

InterContinental Hotels Group PLC has confirmed that a number of its hotels in the United States and in Puerto Rico were targeted by dedicated and successful cyber-attacks in the latter half of 2016.

Between September 29 and December 29, unnamed hackers stole a large number of customer card details by hacking into IHG's payment servers.

“Although there is no evidence of unauthorised access to payment card data after December 29 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017."

"The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. There is no indication that other guest information was affected,” said the group via a press release.

Cyber crime affects 1 in 5 UK businesses

Based in the UK, InterContinental Hotels Group PLC has a network of as many as 5,028 hotels across the world, a majority of which operate under franchise agreements. These hotels include the likes of Holiday Inn, Crowne Plaza, InterContinental and Candlewood Suites. The group has published a list of hotels affected by the data breach in the United States and Puerto Rico which you can see here.

The worrying part about the data breach is that it was discovered not by the group's cyber security arm itself, but by the group's card providers. The fact that this isn't the first time that IT infrastructure of hotels have been breached, points to a serious gap between capabilities of hackers and that of such hotels in protecting their secured data.

Was the brexit vote site hacked intentionally? Report says maybe...

It is expected that strict adherence to the PCI DSS cyber security standards as well as to the upcoming General Data Protection Regulation (GDPR) will ensure hotels and other large businesses will be able to protect their servers as well as confidential customer data from falling in the hands of professional hackers. The GDPR mandates that erring firms who fail to protect their data will be liable to pay either 4% of their annual worldwide turnover or €20 million, whichever will be higher, as fines.

Could AI be the answer to cyber security?

Copyright Lyonsdown Limited 2021

Top Articles

It’s time to upgrade the supply chain attack rule book

How can infosec professionals critically reassess how they detect and quickly prevent inevitable supply chain attacks?

Driving eCommerce growth across Africa

Fraud prevention company Forter has partnered with payments technology provider Flutterwave to drive eCommerce growth across Africa and beyond.

Over 500,000 Huawei phones found infected with Joker malware

The Joker malware infiltrated over 500,000 Huawei phones via ten apps using which the malware communicates with a command and control server.

Related Articles