IHG says guest data remains safe after hotel cyberattack

InterContinental Hotels Group (IHG) has said it has found no evidence that hackers were able to access guest data as part of a cyberattack earlier this month.

Customers at the global hotel giant, which operates 6,000 properties worldwide under brands including Holiday Inn, Crowne Plaza, and Hotel Indigo, reported problems with booking on 5 September.

On 6 September IHG told investors it had been hacked, causing its reservations channels and other applications to be “significantly disrupted”.

The hackers, who described themselves as a couple from Vietnam, have since contacted the BBC through encrypted messaging app Telegram.

They showed they gained access to IHG’s Outlook emails, Microsoft Teams chats and server directories using the weak password, Qwerty1234.

The hackers told the BBC they were able to access IHG’s internal network by tricking an employee into downloading malicious software through an email attachment and bypassing a security prompt message sent to the worker’s devices.

IHG’s hotels remain open and the company said it was continuing to investigate the incident.

A spokesperson for IHG said: “We prioritised the recovery of our booking channels and revenue generating systems and were able to get those back up and running in a short period of time.

“Our security measures following the unauthorised activity in our technology systems are continuing. We are working closely with our technology suppliers and external specialists have also been engaged to investigate the incident.

“At this time, we have not identified any evidence of unauthorised access to guest data. We remain focused on supporting our hotels and owners.”

The cyberattack comes after IHG was targeted by malware designed to access data from payments cards used at the front desk of several of its franchised hotels in the United States and Puerto Rico in 2016.

*Image: Deutschlandreform / Shutterstock *