InterContinental Hotels Group reveals ‘how it minimized recent malware attack’

Share this…

The InterContinental Hotels Group (IHG) claims the implementation of its Secure Payment Solution (SPS) has helped to minimize a recent data breach that may have affected as many as 1,000 of its branches of hotels across the Americas.

The group confirmed in February that it had suffered a data breach towards the end of 2016, adding that malware had been used in an attempt to steal payment card data from the front desks at certain IHG branded hotels across the region.

The malware worked by searching for track data – which often contains sensitive information like cardholder names, numbers and expiration dates – from the magnetic stripes of credit and debit cards.

The group says there is no evidence to suggest that any other guest information was at risk.

After hiring a cybersecurity firm to investigate the incident, IHG discovered that while there was no evidence that payment card data had been accessed after December 29, 2016, the eradication of malware was not confirmed until affected properties were investigated between February and March of this year.

Nevertheless, the group claims that the implementation of its SPS system helped to reduce the potential damage done by the attack.

Working as a point-to-point encryption payment acceptance solution, the SPS technology ensured the malware was not effective in accessing card data, meaning that cards used at these locations were safe.

IHG has already released a list of affected IHG franchise locations, along with respective time frames.

In its statement, it added that it is working closely with payment card networks, along with cybersecurity experts, in a bid to confirm whether malware had been completely eradicated.

The group said it is also looking at ways in which the security measures of franchisees can be evaluated, adding that law enforcement has also become involved.

Nevertheless, the news of IHG’s ability to minimize the effects of malware by way of its SPS technology is likely to catch the attention of other companies looking to further safeguard their own systems.

 Source:https://www.welivesecurity.com/