IHG (InterContinental Hotels Group) has recently released some new info concerning the data breach. The news is not good, and it appears that the consequences of the attack were worse than anyone thought.
For those who don’t know, back in February, a parent company of an entire hotel chain that includes many famous brands, for example, Holiday Inn, Crowne Plaza, Kimpton Hotels and Resorts, and Candlewood Suites, has admitted that they had a massive data breach that was discovered in December 2016.
At first, they said that the breach affected only 12 of their properties and that the damage wasn’t as big as many believed.
After the team of cybersecurity professionals was invited to investigate the problem and determine the exact facts about the nature and magnitude of the breach, it was discovered that the hackers that attacked did a lot more than previously thought. They managed to install a malware on the hotel’s servers, and not just any old servers, but the ones on which the payment card processing systems used to rely upon.
It’s now believed that due to this malware, hackers have access to a massive data that includes credit card numbers, cardholder names, and even internal verification codes. This means that the hackers are now perfectly able to commit card frauds through the card cloning.
Everyone affected was notified of the breach and everyone thought that that was it.
The new information has shocked everyone, after the IGH unveiled that the malware was actually designed to access all of the payment card data from all the cards that were used on front desks from all of the IGH properties and that the period of collecting this data consisted of three whole months (September 29. 2016. – December 29. 2016.).
Even though there’s no real evidence of card data being stolen after this period, the investigators can only be sure that the malware was officially gone only in February and March 2017.
The new results based on this information and a search tool for the IHG has opened a possibility that thousands of properties might have been breached.
New official statement by IGH’s spokesperson says that at least 1,200 objects have been breached.
The hotels are now pushing hard to start using the new SPS (Secure Payment Solution) that hides cardholder info by encrypting it. Many of the payment card networks and also cybersecurity experts have been included in this project, and they’ve confirmed that the last of the malware was finally eradicated.
Fortunately, many of the locations have already implemented SPS payment method, and those locations weren’t affected by the attack. Encryption used by these locations has prevented the malware from stealing any information about the cards or their cardholders.
Many other companies in the hospitality industry have been affected lately, and IHG isn’t alone in this. This only proves that hackers will attack literally anything with an internet connection and that security must be taken extremely seriously by everyone these days.