Save, make, understand money


IHG cyber-attack: What customers need to know

Paloma Kubiak
Written By:
Paloma Kubiak

InterContinental Hotels Group (IHG) PLC has confirmed it suffered a data breach with the website down since Sunday evening.

The group, which operates 6,000 hotels worldwide and includes Crowne Plaza, Holiday Inn and InterContinental Hotel & Resorts, confirmed that parts of the company’s technology systems had been “subject to unauthorised activity”.

It added that its booking channels and other applications had also been significantly disrupted in the meantime.

A statement from the group, read: “IHG has implemented its response plans, is notifying relevant regulatory authorities and is working closely with its technology suppliers. External specialists have also been engaged to investigate the incident.

“IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident. We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG’s hotels are still able to operate and to take reservations directly.”

It added that it will provide a further update “as and when appropriate”, but told YourMoney.com that customers don’t need to take any action, such as changing passwords or informing their banks.

However, it continues to monitor the situation, and told customers: “At this time, you may have challenges booking a new reservation, accessing information about your upcoming reservations and accessing your IHG One Rewards account. We’re working to restore all service as soon as possible. If you have an urgent request for an upcoming stay or need to make an urgent reservation, you can call the hotel directly to make, amend or cancel a booking. Thank you for your patience.”

Rob Burgess of frequent flyer website, Head for Points, said: “The IHG website was down on Sunday evening and all of Monday. It was passed off as maintenance, but it is now clear that IHG has been the victim of a major hacking attack.

“Hotels have lost two to three days of bookings, with perhaps more to come. There will undoubtedly be members who could not cancel reservations and will face penalties. It also appears that hotels cannot see the status level of arriving guests.

“We now need to see what has been stolen in terms of credit card data, passport data, email addresses etc. If any sensitive data has been taken, the legal settlement in the EU alone is likely to be £100 million to £200 million, given pre-pandemic settlements made by British Airways and Marriott for similar breaches.”

‘Customers will be rightly worried about their IHG data’

Nick Graham, chief technology officer at information security business, Hicomply, recommended customers monitor their accounts and credit reports.

Graham said: “At this stage it’s unclear if the cyber attack has been DoS [Denial-of-Service], Ransomware, theft of personal data or a combination of these. IHG will be working to resolve the issues currently affecting their platforms, and understand what, if any, data has been stolen so they can identify the individuals affected before making further announcements.

“Customers will be rightly worried about their IHG data, if they have recently booked with an IHG group hotel, if they are members of an IHG hotel loyalty program or have credit cards saved with the brands under IHG, at this stage I would recommend the individuals monitor their financial accounts, monitor credit reports.

“If they are not currently using a credit reporting solution or bureau such as Experian, Transunion or Equifax it is worth signing up. With these products, individuals can monitor their credit activity, and will be able to spot unusual credit applications or credit use. As a customer of a credit bureau, you could also add a fraud alert to your credit report, which will notify a potential lender to contact you before granting any new credit.”

He added: “If IHG take the step of contacting customers and notifying them that their data has been stolen – the action now would be to notify your banks and other credit lines of the breach, block all bank cards. I would also recommend people lock their credit report – which will prevent lenders accessing the credit report.”

For Oliver Noble, cybersecurity expert at NordLocker which provides an end-to-end file encryption tool with a private cloud, said this is a “huge and coordinated breach” and while IHG has not disclosed the nature of the attack, “signs point to it being a ransomware attack” – a malicious program that steals and encrypts data present on a victim’s computer in order to extort money from the company to get the files back.

Noble said: “Ransomware is by far the biggest threat organisations face, and its threat worldwide has been growing rapidly, especially since the beginning of the pandemic. In the case of IHG, ransomware seems to be the most likely culprit, as the company has indicated that some systems have been taken down.”

He advised IHG customers to make sure to secure their accounts and any financial information connected to them.

“If you’re one of IHG’s customers, make sure to change your password on IHG’s platform and on every other site in which you use the same credentials to log in because if your password gets leaked, it can be used to hack into any other of your accounts that share the same password. Keep an eye on your bank account for any suspicious activity and freeze, or better yet, block your payment card entirely to prevent your financials from being exploited,” Noble added.

Five cyber security tips

Noble lists these top tips:

  • Update your software on time. Postponing updates is never a good idea, as bad actors can exploit system vulnerabilities that were patched months ago.
  • Use a password manager for managing and creating passwords. A strong password can take months for a wrongdoer to figure out. Luckily, most password managers can help you create and manage a complex password, so you don’t have to remember it ever again.
  • Knowledge of how to identify signs of a potential cyber attack is the most potent tool when it comes to protecting your security, as 82% of successful cyberattacks happen because of human error.
  • Use a VPN. A virtual private network encrypts your traffic and hides your IP address, improving your security and privacy. While a VPN won’t protect you from all cyber threats, it will substantially enhance your overall security.
  • Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution for this.