IHG hack update: ‘No evidence of access to guest data’
InterContinental Hotels Group (IHG) PLC said the investigation into the cyber-attack earlier this month revealed “no evidence of unauthorised access to systems storing guest data”.
In an update this morning, IHG said at this point, it has not identified that any customer data stores on its systems was accessed.
Earlier this month, the group which operates 6,000 hotels worldwide including Crowne Plaza, Holiday Inn and InterContinental Hotel & Resorts, confirmed that parts of the company’s technology systems had been “subject to unauthorised activity”.
Booking channels and other applications had also been “significantly disrupted” at the same time.
But IHG confirmed today that after a period of disruption, it had re-activated its booking websites and mobile app together with its booking channels and revenue-generating systems by Wednesday 7 September.
The statement read: “Subsequently, service at our reservation and customer care call centres has been recovered and all our systems restored. During the disruption in our central systems, IHG-branded hotels continued to operate and were able to take reservations directly.
“We have continued to carry out additional steps as part of our recovery and assurance plans to review and further enhance our security measures.
“External specialists were engaged to investigate the incident, and no evidence of unauthorised access to systems storing guest data has been identified.”
IHG added it has reported the criminal activity to law enforcement and “will continue to work closely with our hotels and owners throughout this time”.
Should you change your password?
While IHG said there is no evidence customer data was accessed, Oliver Noble, cybersecurity expert at NordLocker which provides an end-to-end file encryption tool with a private cloud, suggested customers change password on the account and every other site which may share the same login.
He said: “If your password gets leaked, it can be used to hack into any other of your accounts that share the same password. Keep an eye on your bank account for any suspicious activity and freeze, or better yet, block your payment card entirely to prevent your financials from being exploited.”