InterContinental Hotel Group (IHG), confirmed Friday that a credit card breach affected at least 12 of its properties in the United States.
IHG released a statement late Friday explaining it found malicious software installed on point of sale servers between August and December 2016 at restaurants and bars of 12 IHG-managed properties. Here’s a detailed list of the affected properties: https://www.ihg.com/content/us/en/customer-care/protecting-our-guests
The stolen credit card data includes information stored on the magnetic stripe of credit & debit cards, including cardholder name, card number, expiration date, and internal verification code.
While IHG states that cards used at the front desks of these properties were not affected, they also have said that they may not know the full scope of the breach.
Fraudsters targeting the hospitality industry is nothing new. Over the last 2 years, POS breaches have affected Wyndham Worldwide, Trump Hotels, Evans Hotels, Hilton Hotels, Starwood Hotels & Resorts, to Hyatt Hotels and HEI Hotels & Resorts, just to name a few. It’s safe to say that the hospitality industry is certainly lacking in terms of adequate security measures.
Even though PCI DSS compliance standards require an organization to implement solutions like File Integrity Monitoring, very few retailers operate these requirements sufficiently well. NNT’s real-time, continuous File Integrity Monitoring, records changes to any binary system or application files, as well as any text-based configuration files, recording what changed and who made the change. Threat Intelligence feeds are leveraged to automatically confirm the legitimacy of any file changes detected, providing an incontestable confirmation of know good status. All file attributes are tracked, including a unique, secure hash value to highlight APT malware.
Read the official IHG statement