The hotel chain includes the brands Holiday Inn, Crowne Plaza, InterContinental and Klimpton. An investigation revealed malware was installed on servers that process payments at roughly 1,200 of the chain’s hotels between Sept. 29 and Dec. 29, 2016.
Properties that may have been affected are located in Canada, the U.S. and Puerto Rico.
Most Canadian provinces have a hotel that was potentially affected by the hack — you can search here to see if you stayed at an impacted hotel. The list will be updated as the investigation continues.
IHG said it was made aware of the hack after payment card networks identified patterns of unauthorized charges following legitimate use at locations of the hotel chain.
A cardholder’s name, card number, expiration date and internal verification code were potentially compromised by the hack.
The hotel group said it has been working with a cybersecurity firm to enhance security measures. Law enforcement has been notified of the hack.
Canadian consumers are encouraged to look over their credit card statements for any unusual activity.
“We recommend that you remain vigilant to the possibility of fraud and identity theft by reviewing your financial statements for any unauthorized activity,” IHG states.
Anyone who identifies suspicious activity on any of their personal accounts is asked to contact local police to file a claim as well as contact the Canadian Anti-Fraud Centre.