In December, several banks had identified hospitality giant InterContinental Hotels Group as the common link among customers with otherwise unrelated fraudulent credit card transactions. InterContinental is now confirming the breach and releasing information on which of its hotels’ restaurants and bars were affected.

InterContinental might not be a familiar name, but its brands include Holiday Inn, Crowne Plaza, Crowne Plaza, Staybridge Suites, Candlewood Suites, Hotel Indigo, Even Hotels, and Kimpton.

Like other recent hotel breaches, the hotel’s online and front desk payment systems weren’t affected, but the malware harvested card numbers from restaurants and bars that are part of the hotel or resort.

According to Krebs on Security, the site where we learned about this breach, malware installed on point of service terminals (a modern way of saying “cash registers”) steals customers’ credit card numbers without employees even knowing about it.

Similar breaches at other hotels have happened just in the last year at HEI Hotels and Resorts, Trump Hotel Collection, and a separate incident at Kimpton.

The company has notified customers who used their cards at the affected eateries between August 2016 and December 2016.

Provided by IHG, here’s the list of bars and restaurants that were compromised. The dates vary by property, and the list is not complete, since the investigation is ongoing.

Restaurant Name(s)	Bar Name(s)	Hotel Address (Name)	Start Date	End Date
Sevens Bar & Grill		777 Bellew Drive, Milpitas, CA 95035 (Crowne Plaza San Jose-Silicon Valley)	8/1/2016	12/20/2016
Bristol Bar & Grille		1300 Columbus Avenue, San Francisco, CA 94133 (Holiday Inn San Francisco Fisherman’s Wharf)	8/1/2016	12/11/2016
Mari Los Angeles	Copper Lounge	2151 Avenue of the Stars, Los Angeles, CA 90067 (InterContinental Los Angeles Century City)	8/1/2016	12/20/2016
Knob Hill Club	Top of the Mark	999 California Street, San Francisco, California 94108 (InterContinental Mark Hopkins)	8/17/2016	12/15/2016
Luce	Bar 888	888 Howard Street, San Francisco, CA 94103 (InterContinental San Francisco)	8/18/2016	12/15/2016
Southern Art Restaurant	Bourbon Bar	3315 Peachtree Road NE, Atlanta, GA 30326 (InterContinental Buckhead Atlanta)	8/1/2016	11/9/2016
Michael Jordan’s Steak House & Bar; Center Court	Eno	505 N. Michigan Ave, Chicago, IL 60611 (InterContinental Chicago Magnificent Mile)	8/1/2016	12/15/2016
Cafe Du Parc	Round Robin	1401 Pennsylvania Avenue NW, Washington, DC 20004 (InterContinental The Willard)	8/1/2016	12/2/2016
Sea Breeze Restaurant & Bar; Oceanside Bar & Grill; Da Vinci Ristorante; Corals Restaurant; Pizza Now!	Palm Bar	J. E. Irausquin Boulevard #230, Palm Beach, Aruba (Holiday Inn Resort – Aruba)	8/1/2016	11/28/2016
Signatures Restaurant	Proof Vodka Bar; Sky Lounge	220 Bloor Street West, Toronto, ON M5S1T8, Canada (InterContinental Toronto Yorkville)	8/1/2016	11/28/2016
Trattoria Italiana; Caio Mediterranean; Akua; La Bodeguita	Q-Bar; Ottana Bar; SAK-I	5961 Isla Verde Ave, Carolina, PR 00979 (InterContinental San Juan Resort & Casino)	8/1/2016	11/28/2016
Restaurant at former Holiday Inn Nashville Airport		2200 Elm Hill Pike, Nashville, TN 37214 (Holiday Inn Nashville Airport)	8/1/2016	9/1/2016

Whether you’ve visited any of these restaurants or bars or not, always remember that your card could be compromised anywhere, and your payment data most likely will be stolen. It’s just what happens when you use the modern financial system. Always check your statements for transactions that look unfamiliar, and report them promptly to your financial institution.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.