February 06, 2017

InterContinental chain confirms breach at 12 hotels

InterContinental Hotels Group confirmed a credit and debit card data breach affecting bars and restaurants at 12 of its properties between August and December 2016. Stolen data included cardholders' names, card numbers, expiration dates and card verification codes.

In a statement released last week, InterContinental says that credit and debit cards used at the front desks of these 12 properties were not affected and that the malware was only found at select bars and restaurants. This list of affected properties can be found here, which includes locations in the continental U.S., Puerto Rico, Aruba and Canada.

KrebsOnSecurity reported that the hotel chain was looking into a possible card breach late last year. Reporting on this recent news, KrebsOnSecurity noted other hotel brands that have acknowledged card breaches over the last year, including Kimpton Hotels, Trump Hotels (twice), Hilton, Mandarin Oriental and White Lodging (twice).

NAFCU continues to push for Congress to pass a strong national data security standard for retailers that would hold them to the same standards credit unions already follow under the Gramm-Leach-Bliley Act. Credit union representatives can reach out to their members of Congress and urge them to support such a measure through NAFCU's Grassroots Action Center.