InterContinental Hotels Group which operates Holiday Inn, Crown Plaza, Hotel Indigo, Candlewood Suites and Staybridge Suites hotels has announced that they suffered a data breach at an estimated 1,175 of their hotels. The hacking of their credit card processing systems at these hotels occurred between September 29, 2016 and December 29, 2016 and was discovered in December by credit card processing banks who uncovered a pattern of fraud that was able to be traced back to the affected hotels. I first reported to you about this in February.
InterContinental Hotels is just the latest hotel chain to disclose that it had been hacked by cybercriminals stealing credit card and debit card information, joining Kimpton Hotels, Marriot Hotels, Hyatt Hotels, Trump Hotels, Hilton, Mandarin Oriental and White Lodging which all suffered data breaches during the past year. Trump Hotels was hacked twice in the last year.
InterContinental is offering an interactive website where you can look up if you stayed at one of the affected hotels. Here is a link to that website:
It is not known yet whether the data breach is related to the hacking by the Russian organized crime group Carbanak, that, as reported recently by Brian Krebs managed to install malware into the credit and debit card processing equipment manufactured by MICROS used in hotels around the world.
The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards. Regulations effective October 1, 2015 mandated credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment. If smart EMV chip cards had been used at the bars and restaurants at the InterContinental hotels, the card information that was stolen would have been worthless, but since they still used the old fashioned magnetic strip cards, InterContinental and its customers face financial problems from this data breach.
Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted more than a year ago, continue to occur again and again. As for us, as consumers, the best thing we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases. In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company. You also should regularly monitor your credit card statements for indications of fraudulent use.