Hackers breach Intercontinental hotel servers, steal customer data

Hackers breach Intercontinental hotel servers, steal customer data

Hackers breach Intercontinental hotels servers, steal customer data

InterContinental Hotels Group PLC has confirmed that a number of its hotels in the United States and in Puerto Rico were targeted by dedicated and successful cyber-attacks in the latter half of 2016.

Between September 29 and December 29, unnamed hackers stole a large number of customer card details by hacking into IHG's payment servers.

“Although there is no evidence of unauthorised access to payment card data after December 29 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017."

"The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. There is no indication that other guest information was affected,” said the group via a press release.

Cyber crime affects 1 in 5 UK businesses

Based in the UK, InterContinental Hotels Group PLC has a network of as many as 5,028 hotels across the world, a majority of which operate under franchise agreements. These hotels include the likes of Holiday Inn, Crowne Plaza, InterContinental and Candlewood Suites. The group has published a list of hotels affected by the data breach in the United States and Puerto Rico which you can see here.

The worrying part about the data breach is that it was discovered not by the group's cyber security arm itself, but by the group's card providers. The fact that this isn't the first time that IT infrastructure of hotels have been breached, points to a serious gap between capabilities of hackers and that of such hotels in protecting their secured data.

Was the brexit vote site hacked intentionally? Report says maybe...

It is expected that strict adherence to the PCI DSS cyber security standards as well as to the upcoming General Data Protection Regulation (GDPR) will ensure hotels and other large businesses will be able to protect their servers as well as confidential customer data from falling in the hands of professional hackers. The GDPR mandates that erring firms who fail to protect their data will be liable to pay either 4% of their annual worldwide turnover or €20 million, whichever will be higher, as fines.

Could AI be the answer to cyber security?

Copyright Lyonsdown Limited 2020

Top Articles

Hackers exploited critical flaws in Accellion FTA to steal client data

Accellion suffered a breach in December that compromised more than 100GB of sensitive data associated with the its enterprise customers.

Hacker stole 3.3m customer data records from Filipino loan firm Cashalo

Cashalo, a digital credit company in the Philippines, suffered a massive breach that compromised over 3.3 million customer data records.

A lack of manpower is exposing the world’s cyber-vulnerabilities

As well as investing in talent, the cyber security industry needs to promote transparency and global cooperation

Related Articles