Cybercrime , Fraud Management & Cybercrime

Online Attack Disrupts InterContinental Hotels Group

Ongoing Attack Affects Hospitality Chain's Reservation System
Online Attack Disrupts InterContinental Hotels Group

Publicly traded InterContinental Hotels Group is in day three of an ongoing cyberattack disrupting the ability of would-be patrons to book rooms.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

The U.K.-based hospitality group operates about 6,000 hotels that range from swanky to roadside functional in more than 100 countries. It disclosed the attack in a Tuesday filing with the London Stock Exchange.

Parts of its technology infrastructure "have been subject to unauthorized activity," the company disclosed.

InterContinental Hotels Group has "implemented its response plans, is notifying relevant regulatory authorities and is working closely with its technology suppliers," it said. It employs approximately 325,000 individuals, and its portfolio includes more than a dozen brands, including InterContinental Hotels & Resorts and Holiday Inn Express.

As of publication, visitors to some of the chain's properties are asked to call to make a booking while other websites appear responsive to booking requests.

Cybersecurity intelligence firm Hudson Rock estimates more than 4,000 users, including 15 employees, have been compromised by the attack. Hudson Rock CEO Roi Carthy told Information Security Media Group that telemetry indicates multiple InterContinental employees downloaded malware compromising their credentials. Carthy said his company uses social engineering techniques that enable it to acquire data directly from threat actors who have compromised computers with malware.

This isn't the hotel chain's first brush with a malware incident. In 2020, it settled a class action lawsuit filed after cybercriminals stole payment card data over a five-month period in late 2016 from a clutch of the group's U.S.-based hotels. InterContinental agreed to pay up to $250 per class member, and the total payout was capped at $1.55 million.


About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.