The Intercontinental Hotels Group — parent company to a number of hotel chains, including Holiday Inn and Holiday Inn Express — is investigating a possible breach of customers’ payment card data.
In addition to the Holiday Inn brands, InterContinental owns a number of chains: Crowne Plaza, Staybridge Suites, Candlewood Suites, Hotel Indigo, Even Hotels, and Kimpton. Several Kimpton hotels fell victim to a payment card breach earlier this year, and some InterContinental-owned properties run by HEI Hotels & Resorts were part of a small breach earlier this year as well.
Sources in the financial industry have told information security reporter Brian Krebs that they’re seeing fraudulent transactions on cards that were used at InterContinental properties, especially Holiday Inn.
The company responded that it “takes the protection of payment card data very seriously” and is aware of the problem. “We were made aware of a report of unauthorized charges occurring on some payment cards that were recently used at a small number of U.S.-based hotel locations,” the company said in a statement. “We immediately launched an investigation, which includes retaining a leading computer security firm to provide us with additional support. We continue to work with the payment card networks.”
If you’ve stayed at a Holiday Inn or another IHG brand property recently, keep a close eye on your credit or debit card statements and immediately report any transactions that don’t look right to your bank. If you’ve stayed at one of the company’s properties recently and your bank has preemptively issued you a new card, this may be why.
How can you protect yourself from breaches like this? You can’t, especially when a company’s point of sale systems are themselves infected with malware.
The only way to keep your payment card numbers out of bad guys’ hands is to never buy anything with a card, and that’s very difficult. Instead, monitor your statements, and use a credit card instead of a debit card when possible so fraud doesn’t drain your bank account.