More than 1,200 hotels in the InterContinental Hotels Group fell victim to a 3-month-long malware attack that targeted customer payment card data, the global hotel chain said Wednesday.
InterContinental, which includes the Holiday Inn and Crowne Plaza brands, said in February only 12 hotels were affected by the cyberattack. The malware attack lasted from September 29 to December 29, searching for data stored on cards' magnetic stripes, such as the cardholder's name, card number, expiration date and internal verification code, the company said.
The company said Holiday Inn, Crown Plaza, Hotel indigo, Candlewood Suites and Staybridge Suites were affected by the breach.
Guests at various hotel chains have frequently found themselves the victim of a payment system breach. Hotel operator HEI Hotels and Resorts reported in August that malware found on the company's systems could have been used to steal data from customers using cards to pay at any point-of-sale terminal from 20 of its US properties. In April 2016, a breach on Donald Trump's luxury hotel chain let hackers steal customer credit card information.