InterContinental says 1,200 hotels hit by malwareReprints
(Reuters) — Global hotel chain InterContinental Hotels Group P.L.C. said a third of its franchised properties in the United States were hit late last year by malware that can steal guests' credit card information.
Some 1,200 U.S.-based franchised properties and one hotel in Puerto Rico were affected between Sept. 29 and Dec. 29, 2016, spokesman Neil Hirsch said Wednesday.
The company had 3,633 franchised properties in the Americas at the end of 2016, he said, while a "small percentage" of franchisees have not yet taken up the company's offer to investigate their systems to check for evidence of problems.
He declined to say what financial impact the hack might have on the company or whether the breach would be covered by its insurance policies.
The company said Friday that there is no evidence of unauthorized access to payment card data after Dec. 29, 2016, but that a cyber security firm hired to investigate the breach did not confirm the malware was eradicated until February and March.
The malware searched for track data — including a cardholder's name and card number, expiration date and internal verification code — read from the magnetic strip of a payment card as it was being routed through the affected hotel server.
The brands affected were Holiday Inn, Holiday Inn Express, Hotel Indigo, Crowne Plaza, Candlewood Suites and Daybridge Suites, Mr. Hirsch said.
In February, InterContinental said 12 of its 286 managed properties in the Americas were hit by similar malware.
Shares in Intercontinental were last trading marginally higher at 3,847 British pence ($48.18) after falling sharply on Tuesday.