New article: Customer’s card information stolen in malware attack from Holiday Inn hotel chain read more at here http://www.spinonews.com/index.php/general/item/3333-customer-s-card-information-stolen-in-malware-attack-from-holiday-inn-hotel-chain

The InterContinental Hotels Group, that owns Holiday Inn and Crown Plaza brands, has reported that the debit and credit card data of its customers has got infected and was stolen in a malware attack between September 29, 2016 and December 29, 2016.  

Initially only a dozen of properties were reported to have got affected but now it has expanded the list. The initial breach was reported in December by the security news site KrebsOnSecurity. The hotel chain has not published a full list of the properties that were affected but instead offered a state wise look up. The stocks of the U.K. Company were down by 0.1% in US markets.

The company confirmed that out of the company's brands, only Holiday Inn, Crown Plaza, Hotel indigo, Candlewood Suites and Staybridge Suites were affected.

Neil Hirsch, InterContinental Hotels communications director for the America mentioned that the hotels so far identified are all in the United States and Puerto Rico, but the company is still investigating other properties in the America and will update its look-up tool when the investigation is complete.

He added that approximately 1,200 franchise hotel locations in the America were affected. The company has a network of more than 5,000 hotels in over 100 countries so that could mean more than one-fifth of its hotels were affected.

The malware stole information read from the magnetic stripe of a payment card as it traveled through the affected hotel’s server. That information could have included the cardholder’s name in addition to card number, expiry date, and internal verification code. The company doesn’t believe other guest information was affected, it said in its statement.

The company suggests that anyone who stayed at one of its properties during the time period the malware was present review their payment card statement for any unauthorized activity and report the charges to the credit card issuer.

 

Since card info is shared with the hotel through booking process even before the guest arrives so it provides ample opportunity and entry points to the hackers.