Holiday Inn-owner IHG falls victim to cyber attack
'Booking channels and other applications have been significantly disrupted' company says
Intercontinental Hotels Group (IHG), which owns Holiday Inn, disclosed on Tuesday that it was looking into "unauthorised access" to a number of its IT systems, which has disrupted the booking process on its website and apps.
IHG submitted a statement to the London Stock Exchange revealing that "parts of its technological systems have been subject to unauthorised activity" and that it was working to fully restore all systems as soon as possible.
"IHG's booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing," the company said.
It added that it had already put its response procedures into place and was evaluating the nature, scope and impact of the incident.
The company has brought in outside experts to look into what happened and is in the process of informing the appropriate authorities.
"We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG's hotels are still able to operate and to take reservations directly," IHG said.
Headquartered in Denham, England, IHG runs 6,028 hotels with a total of 882,897 rooms in more than 100 countries.
The company has offices in Atlanta, Shanghai and Singapore, with a workforce of around 325,000.
Hotel chains including InterContinental, Regent, Crown Plaza, Six Senses, Holiday Inn, Candlewood Suites, Atwell Suites, and many more are among its luxury, premium and essential brands.
In its statement, IHG made no mention of any loss of customer data as a consequence of the cyber incident.
Moreover, the company said it was attempting to restore the affected IT systems, raising the possibility of a ransomware attack in which the threat actors may have encrypted computers on IHG's network.
Based on the information obtained from ihg.com, threat intelligence firm Hudson Rock claimed that the information of at least 15 IHG workers as well as 4,030 users on the internal network had been compromised.
LockBit penetrated Holiday Inn in Istanbul last month and published information that had been stolen from the company.
It is yet unknown whether there is a link between the two attacks.
In 2016, the hotel chain was affected by a network security vulnerability for around three months, with IHG official acknowledging in April 2017 that the hack had an impact on 1,200 hotels.
The attackers utilised malware to acquire credit card data in that attack, and subsequently used the data to make fraudulent purchases using cloned cards.
After three years, a class action lawsuit that had been initiated against the company was finally resolved, with the total amount being capped at $1.55 million.
Hospitality organisations are currently among the most favoured targets for cybercriminals.
In July, Marriott Hotels said that it had experienced its third hack in four years, during which hackers stole 20GB of data, including credit card numbers and internal corporate records.
Last month, researchers said that a cybercrime group tracked as TA558 was behind a recent phishing campaign targeting hotels and other entities operating in the hospitality and travel sector.
According to the researchers, the campaign used a collection of 15 different malware families, typically remote access trojans (RATs), to infiltrate target systems, steal crucial data, and ultimately siphon money from customers.