![](\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2016\/12\/ihg-ny-580x356.png\"\/)
<\/p>\n<\/p>\n
InterContinental Hotels Group (IHG)<\/strong>, the parent company for more than 5,000 hotels worldwide including Holiday Inn<\/strong>, says it is investigating claims of a possible credit card breach at some U.S. locations.<\/p>\n An Intercontinental hotel in New York City. Photo: IHG.<\/p>\n<\/div>\n Last week, KrebsOnSecurity began hearing from sources who work in fraud prevention at different financial institutions. Those sources said they were seeing a pattern of fraud on customer credit and debit cards that suggested a breach at some IHG properties — particularly Holiday Inn and Holiday Inn Express<\/strong> locations.<\/p>\n Asked about the fraud patterns reported by my sources, a spokesperson for IHG said the company had received similar reports, and that it has hired an outside security firm to help investigate. IHG also issued the following statement:<\/p>\n “IHG takes the protection of payment card data very seriously.\u00a0We were made aware of a report of unauthorized charges occurring on some payment cards that were recently used at a small number of U.S.-based hotel locations. \u00a0We immediately launched an investigation, which includes retaining a leading computer security firm to provide us with additional support.\u00a0\u00a0We continue to work with the payment card networks.”<\/p>\n “We are\u00a0committed to\u00a0swiftly resolving\u00a0this\u00a0matter.\u00a0In the meantime, and in line with best practice, we recommend that individuals closely monitor their payment card account statements.\u00a0\u00a0If there are unauthorized charges, individuals should immediately notify their bank. Payment card network rules generally state that cardholders are not responsible for such charges.”<\/p>\n<\/blockquote>\n Headquartered in Denham, U.K., IHG operates more than 5,000 hotels across nearly 100 countries. The company’s dozen brands<\/a> include Holiday Inn, Holiday Inn Express, InterContinental<\/strong>, Kimpton Hotels<\/strong>, and Crowne Plaza<\/strong>.<\/span><\/p>\n Card-stealing cyber thieves have broken into some of the largest hotel chains over the past few years. Hotel brands that have acknowledged card breaches over the last year after prompting by KrebsOnSecurity include Kimpton Hotels<\/a>,\u00a0Trump Hotels<\/a> (twice<\/a>), Hilton<\/a>, Mandarin Oriental<\/a>, and White Lodging<\/a> (twice<\/a>). Card breaches also have hit hospitality\u00a0chains Starwood Hotels<\/a>\u00a0and Hyatt<\/a>.<\/span><\/p>\n In many of those incidents, thieves planted malicious software on the point-of-sale devices at restaurants and bars inside of the hotel chains.\u00a0Point-of-sale based malware has driven most of the credit card breaches over the past two years, including intrusions at Target<\/a> and Home Depot<\/a>, as well as breaches at a slew of point-of-sale vendors<\/a>. The malware usually is installed via hacked remote administration tools. Once the attackers have their malware loaded onto the point-of-sale devices, they can remotely capture data from each card swiped at that cash register.<\/p>\n![\"An](\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2016\/12\/ihg-ny-580x356.png\")
<\/p>\n\n