The owner of Holiday Inn and Crowne Plaza hotels has revealed it was hit by a card payment hack affecting around 1,200 of its franchisees’ properties.
Intercontinental Hotels Group (IHG) warned customers to closely monitor their payment card accounts after active malware had been detected at front-desk payment locations at the hotels between September 29 and December 29.
The attack hijacked information from the payment cards’ magnetic strips as it was being routed through the hotels’ computer servers.
The hotels affected are in the US and one in Puerto Rico, according to the BBC.
IHG confirmed the threat was only eradicated last month.
Buckinghamshire-based IHG previously reported in February that a dozen US hotels had been affected by the same attack.
A spokeswoman said: “Individuals should closely monitor their payment card account statements.
“If there are unauthorised charges, individuals should immediately notify their bank.
“Payment card network rules generally state that cardholders are not responsible for such charges.”
Other affected brands include Hotel Indigo and Candlewood Suites.
Marc Agnew, vice president at technology company ViaSat Europe, said the reputational impact for Holiday Inn will be “more damaging than anything the regulators or cybercriminals can do to them”.
He added: “Inadequately protected customer data can create massive problems for enterprises and consumers alike, so reacting to an attack appropriately and swiftly is vital.”