More than 1100 IHG hotels in the US and Puerto Rico were hit by malware starting in late 2016 causing some credit card data to be compromised. The systems appear to have been compromised between 29 September and 29 December 2016, though the dates vary by hotel. The company released a statement about the incident last week describing the impact:
The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. There is no indication that other guest information was affected. A list of affected IHG franchise locations and respective time frames, which may vary by location, is available here.
IHG also published a list of affected hotels but I really dislike the interface they put on top of it with multiple dropdown boxes to filter the results. So I rebuilt the list into a simple Google Docs Spreadsheet to share.
Hopefully this is useful to some folks.
Never miss another post: Sign up for email alerts and get only the content you want direct to your inbox.
Thanks for posting this. I saw a news article awhile back about IHG hacking but it didn’t list all of these locations. I stayed at three on the list during the effective time frame. Thankfully using my corporate AMEX so that is a slight relief.
It’s also interesting that I didn’t see, but could have missed, any Intercontinental properties.
Seriously, when I first looked at that web page, I thought “I’ll bet Seth could strip the data from this opaque interface.” And then you did it. Much easier to review my list of stays from late last year and just CMD-F the spreadsheet. Well done.
If one must carry about a reputation I suppose this is a good one for it to be. 😀