Since Tuesday, prospective Holiday Inn customers have complained on Twitter about their inability to make reservations online. In a filing with the London Stock Exchancge, IHG said it is working to restore all the affected systems as soon as possible and has hired “external specialists” to investigate the incident. The company insists its group of hotels is still functional and can take reservations directly. The UK-based InterContinental Hotels Group is an industry leader in hospitality services. It owns several hotel brands, including InterContinental, Regent, Crowne Plaza, Six Senses, and Holiday Inn. The group has 6028 hotels around the globe, with another 1858 hotels in the pipeline.
What We Know About the IHG Cyberattack
InterContinental Hotels Group’s filing does not reveal much about the nature of the cyberattack. IHG only said it had observed unauthorized activity on its systems. There are speculations that it may be a ransomware attack, but the company has not confirmed this. Travel website LoyaltyLobby reported that IHG’s “consumer and franchise-related systems” were not functional since 9 AM on Sunday, September 4. IHG’s reservations website appears to be functioning properly now. A few hours ago, while the company was still working on the issue, visitors to the site were greeted with the following disclaimer: “A message to our guests: At this time, you may have challenges booking a new reservation, accessing information about your upcoming reservations and accessing your IHG One Rewards account. We’re working to restore all service as soon as possible. If you have an urgent request for an upcoming stay or need to make an urgent reservation, you can call the hotel directly to make, amend or cancel a booking. Thank you for your patience.” IHG said it is notifying the relevant authorities and working alongside its technology suppliers to resolve the issue. The company did not indicate if the breach may have exposed customers’ personal information.
Recent Cyberattacks Targeting IHG
IHG is not a stranger to cyberattacks. Last month, the LockBit ransomware gang breached one of the group’s hotels, the Holiday Inn in Istanbul. It is unclear if that breach is linked to the latest incident. Also, in 2017, IHG was the victim of a three-month-long cyber campaign that affected 1,200 of its hotels in the U.S. Hotels are often targeted by cybercriminals in a bid to access sensitive information such as passport numbers and credit card details. Earlier this year, cybercriminals breached a Marriott hotel in Maryland, stealing 20 GB of data. The latest incident points to a growing trend of cyberattacks against companies in the hospitality sector.