Holiday Inn Owner InterContinental Has a Breach Trend

After a high-profile 2017 breach and a Holiday Inn ransomware hit earlier this year, IHG confirms that its booking channels and applications have been disrupted in yet another cyberattack.

InterContinental Hotels Group signage
Source: Agencja Fotograficzna Caro via Alamy Stock Photo

InterContinental Hotels Group (IHG) has disclosed its systems have been breached — again — and that its booking systems and applications have been "significantly disrupted" since Sept. 5.

UK-based IHG operates 17 iconic hospitality brands, including Holiday Inn, Crowne Plaza, and Candlewood Suites. This is the third compromise the massive hotel company has had since 2017.

"IHG is working to fully restore all systems as soon as possible, and to assess the nature, extent, and impact of the incident," explained IHG in a notification of the cyberattack. "We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG's hotels are still able to operate and to take reservations directly."

In the previous attack, the company's point-of-sale systems were compromised, allowing cybercriminals to steal customer credit-card details for guests across 1,200 hotels. Then, in a less sweeping incident, just last month the Holiday Inn in Istanbul was reportedly the victim of a LockBit ransomware attack.

Three Attacks Is a Trend

It's likely the three separate attacks are connected, Justin Vaughan-Brown with Deep Instinct said in an emailed statement. 

"Unfortunately, this is not the first cyberattack that Holiday Inn has experienced, with breaches in 2017 and one last month in Istanbul," Vaughan-Brown noted. "Once cybercriminal groups know that an organization can be breached, it can encourage further attacks."

Some follow-on attacks are simple copycat cybercrimes, while others are carried out for bragging rights — i.e., to demonstrate the ability to pull off the same caper better or faster than the competition, Vaughan-Brown explained.

Hot Hotel Data

Any organization, like a hotel chain, that holds onto massive amounts of valuable, personal data will continue to be a prime target for cyberattacks, Erfan Shadabi, a cybersecurity expert with Comforte AG explained in a statement provided to Dark Reading.

"Consumer-based industries such as travel and entertainment, retail, and financial services definitely apply, as they collect sensitive information on large swathes of their customers and prospects," Shadabi explained. "The reason is simple: threat actors want that data for personal gain."

About the Author

Becky Bracken, Senior Editor, Dark Reading

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights