Category : Hacking News
The UK based company InterContinental Hotels Group PLC (IHG) is the owner of 5028 multinational hotels. The luxury hotels of IHG are located in more than 100 countries. The company was founded in 2003 and it’s headquarter is located in Denham. IHG is the parent company of world-famous hotels such as Hotel Indigo, Holiday Inn, Even, Crowne Plaza, Hualuxe, Kimpton Hotels and Resorts, Holiday Inn Express and Candlewood Suites. From all of the 5028 hotels, the company is directly owning only 10 hotels. Rest of the hotels are under the franchise agreement and separately owned.
The company is getting reports about unauthorized payment transactions from various locations of United States. Most of the reports belong to Hotel “Holiday Inn” and “Holiday Inn Express”. At this time of holidays, people are busy in spending quality time with their loved ones. The hackers are taking advantage of it.
According to a blog post of famous cybersecurity journalist “Brian Krebs,” some of his sources (fraud investigators at financial institutions) told him about the IHG hotels data breach. The fraud investigators have noticed some fraud patterns on the credit and debit cards of IHG customers. Most of the targeted payment cards belong to Holiday Inn Express and Holiday Inn hotels which are located in the United States.
Response of the Company
A spokesperson of IHG said that the company is getting reports about illegitimate payment card activities. Therefore, the company has hired a team of security experts to investigate this incident. In a statement the company told that the security of customer payment card database is our responsibility and we take it very seriously. We received some reports about unauthorized payment transactions from that credit and debit cards, which recently have been used by the customers in US located hotels.
The company is working with a security firm to investigate the whole incident and they promised to resolve the matter very soon. The company also advised its customers to check their credit card and debit card statements to detect unauthorized transactions. If they noticed any of the transaction, they can notify their bank about it.
The reason behind it?
The company is still investigating the incident, therefore, the exact reason is still not clear. It is not the first time when hackers have targeted the database of luxury hotels. A number of data breaches had already happened. The recent “HEI Hotels” data breach, which happened in August 2016 is one of its examples. The 50 hotels of HEI were targeted by the hackers including Hyatt, Marriott, Starwood, Sheraton and Westin. In this data breach, a malware had been installed by the hackers in the PoS (Point-of-Sale) systems of the hotels. The malware was stealing all the sensitive information of payment cards and hackers were collecting it through command and control servers. There is a possibility that same thing has happened with IHG hotels. The hackers can install such type of malware in PoS systems through remote tools.
In the third week of November 2016, a new type of scams was detected. The hackers were calling to the customer representatives of hotels to tell that they are facing some trouble in the online reservation process. To explain their issues, they were sending a word document to customer representatives which were a malware in actual. When the representatives were opening that document, hackers were installing it into the system from the backend. By doing this, they were stealing payment card information remotely.
How these Breaches Are Beneficial For Hackers?
The hackers are introduced with a fact that half of the people don’t even bother to check their payment card statements. Therefore they can misuse payment card information by purchasing costly things. Moreover, hackers can sell the stolen information on the dark web to fellow hackers, which are expert in making fake cards by encoding the stolen information on the magnetic stripe of payment cards.
Proudly Operated from India
© 2016 Copyrights. All Rights Reserved