X

Scope of data breach at InterContinental Hotels expands

Make that 1,200 hotels -- not 12 -- that were infected with malware seeking customer payment card data.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
gettyimages-1846283.jpg

Holiday Inn was one of the hotel brands affected by the malware attack.

John Li/Getty Images

More than 1,200 hotels in the InterContinental Hotels Group fell victim to a 3-month-long malware attack that targeted customer payment card data, the global hotel chain said Wednesday.

InterContinental, which includes the Holiday Inn and Crowne Plaza brands, said in February only 12 hotels were affected by the cyberattack. The malware attack lasted from September 29 to December 29, searching for data stored on cards' magnetic stripes, such as the cardholder's name, card number, expiration date and internal verification code, the company said.

The company said Holiday Inn, Crown Plaza, Hotel indigo, Candlewood Suites and Staybridge Suites were affected by the breach.

Guests at various hotel chains have frequently found themselves the victim of a payment system breach. Hotel operator HEI Hotels and Resorts reported in August that malware found on the company's systems could have been used to steal data from customers using cards to pay at any point-of-sale terminal from 20 of its US properties. In April 2016, a breach on Donald Trump's luxury hotel chain let hackers steal customer credit card information.