Global hotel chain InterContinental Hotels Group has said about 1,200 of its franchised properties in the United States, including at least nine in the midstate, were breached by credit-card stealing malware at the end of last year.
IHG said the affected hotels, which account for about one-third of the company’s franchised properties in the Americas, were hit by malware between Sept. 29 and Dec. 29, 2016.
The hotel giant doesn’t know how many customers’ information was stolen, but customers should keep an eye on their card statements.
The company said there is no evidence of unauthorized access to payment card data after Dec. 29, but confirmation that the malware was eradicated did not occur until the properties were investigated in February and March.
The malware reportedly searched for track data, which sometimes has cardholder name in addition to card number, expiration date and internal verification code, read from the magnetic stripe of a payment card as it was being routed through the affected hotel server, IHG said.
The company also said a small percentage of IHG-branded hotels did not participate in the investigation, which remains ongoing. So it’s possible the number of hotels hit was higher.
Here is a list of affected properties. Those not listed in the look-up tool are not affected, the company said.
In Central Pennsylvania, here are the known hotels impacted by the malware attack.
- Holiday Inn Express, 4021 Union Deposit Road, Harrisburg
- Holiday Inn Express, 7744 Linglestown Road, Harrisburg
- Candlewood Suites, 504 North Mountain Road, Harrisburg
- Candlewood Suites, 413 Port View Drive, Harrisburg
- Holiday Inn Express, 610 Walton Ave., Hummelstown
- Holiday Inn Express, 120 Walnut Bottom Road, Shippensburg
- Holiday Inn Express, 1900 Historic Drive, Strasburg
- Holiday Inn Express, 140 Leader Heights Road, York
- Holiday Inn Express, 18 Cinema Drive, York